09/14/2021 02:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279202 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1d68 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279201 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1d9c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=279206 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6A774F Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 09/14/2021 02:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=279205 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0x6A774F Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {13752158-FDB6-4014-FF2C-E7BC87F51161} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: ::1 Source Port: 54253 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 09/14/2021 02:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=279204 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6A774F Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 09/14/2021 02:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279203 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1efc New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279208 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1a8c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279207 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1408 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:42:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279209 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xec4 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279210 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1128 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275714 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xbc8 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275713 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x5e8 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275716 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xb60 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275715 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xaac New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275718 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xbf4 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275717 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xed8 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275719 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x9bc New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279212 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1c5c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279211 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x2d8 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=279217 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6AB16A Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 09/14/2021 02:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=279216 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0x6AB16A Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {13752158-FDB6-4014-FF2C-E7BC87F51161} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: ::1 Source Port: 54266 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 09/14/2021 02:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=279215 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6AB16A Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 09/14/2021 02:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=279214 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6A4ACC Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 09/14/2021 02:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279213 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1260 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:43:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279219 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x16a0 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:43:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279218 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1c74 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279220 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x12a0 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279221 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x14a8 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275721 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xb8c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275720 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x6c8 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275723 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xe2c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275722 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xbc0 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275725 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xd90 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275724 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xe14 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275726 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x8a8 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279223 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1068 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279222 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1624 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=279227 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6AE9EA Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 09/14/2021 02:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=279226 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0x6AE9EA Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {13752158-FDB6-4014-FF2C-E7BC87F51161} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: ::1 Source Port: 54279 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 09/14/2021 02:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=279225 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6AE9EA Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 09/14/2021 02:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279224 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x4a4 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279229 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1e1c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279228 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xfac New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:44:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279230 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1040 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279231 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1404 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:45:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275728 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xa8c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:45:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275727 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x890 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:45:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275730 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x58c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:45:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275729 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x30c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:45:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275732 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x818 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:45:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275731 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x12c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:45:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275733 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x784 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:45:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279233 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1ff4 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:45:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279232 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1da8 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:45:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=279237 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6B2435 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 09/14/2021 02:45:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=279236 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0x6B2435 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {13752158-FDB6-4014-FF2C-E7BC87F51161} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: ::1 Source Port: 54292 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 09/14/2021 02:45:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=279235 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6B2435 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 09/14/2021 02:45:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279234 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1768 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:45:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279239 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x13f0 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:45:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279238 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xfc0 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:45:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279240 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x13b4 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:45:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279241 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1d68 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:45:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=279252 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6B3C32 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 09/14/2021 02:45:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=279251 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6B3D20 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 09/14/2021 02:45:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=279250 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6B3D68 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 09/14/2021 02:45:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=279249 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Delegation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0x6B3E19 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {92B77D66-3C49-FAD2-6B4C-4EAC426E14F9} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: fe80::a147:35ed:2004:ba49 Source Port: 54299 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 09/14/2021 02:45:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=279248 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6B3E19 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 09/14/2021 02:45:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=279247 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0x6B3D68 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {FAA37440-1EBF-7FB9-4FD6-3C51828FFA5D} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: 10.0.1.14 Source Port: 54296 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 09/14/2021 02:45:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=279246 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6B3D68 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 09/14/2021 02:45:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=279245 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0x6B3D20 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {FAA37440-1EBF-7FB9-4FD6-3C51828FFA5D} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: ::1 Source Port: 0 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 09/14/2021 02:45:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=279244 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6B3D20 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 09/14/2021 02:45:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=279243 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0x6B3C32 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {FAA37440-1EBF-7FB9-4FD6-3C51828FFA5D} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: fe80::a147:35ed:2004:ba49 Source Port: 54295 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 09/14/2021 02:45:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=279242 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6B3C32 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 09/14/2021 02:45:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=279253 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6B3E19 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 09/14/2021 02:45:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=279255 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Delegation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0x6B479D Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {8CB356C4-A9F4-7137-BC85-5B02FA93C483} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: fe80::a147:35ed:2004:ba49 Source Port: 54303 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 09/14/2021 02:45:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=279254 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6B479D Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 09/14/2021 02:46:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279256 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Process Information: New Process ID: 0x1d44 New Process Name: C:\Windows\System32\dllhost.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\High Mandatory Level Creator Process ID: 0x354 Creator Process Name: C:\Windows\System32\svchost.exe Process Command Line: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:46:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=279257 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6B479D Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 09/14/2021 02:46:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275735 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xb90 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:46:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275734 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xf5c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:46:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275737 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x7ac New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:46:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275736 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xac New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:46:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275738 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xa5c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:46:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275740 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xba0 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:46:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275739 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xfbc New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:46:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279258 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Process Information: New Process ID: 0x1e80 New Process Name: C:\Windows\System32\dllhost.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\High Mandatory Level Creator Process ID: 0x354 Creator Process Name: C:\Windows\System32\svchost.exe Process Command Line: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:46:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279261 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1fe4 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:46:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279260 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Process Information: New Process ID: 0x1168 New Process Name: C:\Windows\System32\dllhost.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\High Mandatory Level Creator Process ID: 0x354 Creator Process Name: C:\Windows\System32\svchost.exe Process Command Line: C:\Windows\system32\DllHost.exe /Processid:{448AEE3B-DC65-4AF6-BF5F-DCE86D62B6C7} Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:46:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279259 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1228 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:46:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=279265 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6C4315 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 09/14/2021 02:46:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=279264 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0x6C4315 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {13752158-FDB6-4014-FF2C-E7BC87F51161} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: ::1 Source Port: 54312 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 09/14/2021 02:46:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=279263 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6C4315 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 09/14/2021 02:46:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279262 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1dac New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:46:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279267 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xbac New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:46:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279266 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x12cc New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:46:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279268 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x148c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:46:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279269 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x5a4 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:46:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=279276 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6C6242 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 09/14/2021 02:46:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=279275 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0x6C6242 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {13752158-FDB6-4014-FF2C-E7BC87F51161} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: fe80::a147:35ed:2004:ba49 Source Port: 54316 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 09/14/2021 02:46:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=279274 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6C6242 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 09/14/2021 02:46:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=279273 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6C61D6 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 09/14/2021 02:46:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=279272 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0x6C61D6 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {13752158-FDB6-4014-FF2C-E7BC87F51161} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: fe80::a147:35ed:2004:ba49 Source Port: 54315 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 09/14/2021 02:46:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=279271 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6C61D6 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 09/14/2021 02:46:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279270 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Process Information: New Process ID: 0x1510 New Process Name: C:\Windows\System32\dllhost.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\High Mandatory Level Creator Process ID: 0x354 Creator Process Name: C:\Windows\System32\svchost.exe Process Command Line: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:47:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4907 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279277 Keywords=Audit Success Message=Auditing settings on object were changed. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x734 Process Information: Process ID: 0x1168 Process Name: C:\Windows\System32\dllhost.exe Auditing Settings: Original Security Descriptor: New Security Descriptor: S:ARAI(AU;OICISA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-21-3286140889-4247542712-197197478-513) 09/14/2021 02:47:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279279 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1e1c New Process Name: C:\Windows\System32\mmc.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\High Mandatory Level Creator Process ID: 0xfac Creator Process Name: C:\Windows\System32\eventvwr.exe Process Command Line: "C:\Windows\system32\mmc.exe" "C:\Windows\system32\eventvwr.msc" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:47:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279278 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xfac New Process Name: C:\Windows\System32\eventvwr.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\High Mandatory Level Creator Process ID: 0x1098 Creator Process Name: C:\Windows\explorer.exe Process Command Line: "C:\Windows\system32\eventvwr.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:47:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275742 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xbfc New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:47:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275741 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x49c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:47:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275744 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x33c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:47:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275743 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x7c4 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:47:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275746 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x60c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:47:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275745 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x790 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:47:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275747 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x988 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:47:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279281 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1ac New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:47:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279280 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xf48 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:47:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=279285 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6E5143 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 09/14/2021 02:47:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=279284 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0x6E5143 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {13752158-FDB6-4014-FF2C-E7BC87F51161} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: ::1 Source Port: 54332 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 09/14/2021 02:47:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=279283 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6E5143 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 09/14/2021 02:47:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279282 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1e30 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:47:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279287 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1c44 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:47:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279286 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1104 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:47:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279288 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x17b4 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:47:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279289 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1cd8 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:48:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275749 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xb98 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:48:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275748 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xbbc New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:48:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275751 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x89c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:48:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275750 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x9e4 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:48:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275753 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xb60 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:48:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275752 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xf70 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:48:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279290 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1ec0 New Process Name: C:\Windows\System32\mmc.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\High Mandatory Level Creator Process ID: 0x1098 Creator Process Name: C:\Windows\explorer.exe Process Command Line: "C:\Windows\system32\mmc.exe" "C:\Windows\system32\gpedit.msc" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:48:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275754 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x960 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:48:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279292 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1068 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:48:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279291 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x10d4 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:48:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279296 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1538 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:48:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=279295 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6F0F59 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 09/14/2021 02:48:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=279294 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0x6F0F59 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {13752158-FDB6-4014-FF2C-E7BC87F51161} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: ::1 Source Port: 54345 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 09/14/2021 02:48:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=279293 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6F0F59 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 09/14/2021 02:48:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279297 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xc28 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:48:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279298 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xdcc New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:48:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279299 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x688 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:48:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279300 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x132c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:49:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275756 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x390 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:49:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275755 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x8a4 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:49:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275758 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xea4 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:49:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275757 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x854 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:49:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275760 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x210 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:49:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275759 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xbd4 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:49:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275761 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xe7c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:49:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279302 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x864 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:49:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279301 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x608 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:49:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=279306 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6F8560 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 09/14/2021 02:49:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=279305 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0x6F8560 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {13752158-FDB6-4014-FF2C-E7BC87F51161} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: ::1 Source Port: 54359 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 09/14/2021 02:49:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=279304 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6F8560 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 09/14/2021 02:49:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279303 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xe78 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:49:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279308 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1d68 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:49:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279307 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1ebc New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:49:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279309 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1408 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:49:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=279310 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1c4c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xb44 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279340 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Account Logon Subcategory: Kerberos Authentication Service Subcategory GUID: {0CCE9242-69AE-11D9-BED3-505054503030} Changes: Success removed 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279339 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Account Logon Subcategory: Kerberos Service Ticket Operations Subcategory GUID: {0CCE9240-69AE-11D9-BED3-505054503030} Changes: Success removed 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279338 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Account Logon Subcategory: Credential Validation Subcategory GUID: {0CCE923F-69AE-11D9-BED3-505054503030} Changes: Success removed 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279337 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: DS Access Subcategory: Directory Service Access Subcategory GUID: {0CCE923B-69AE-11D9-BED3-505054503030} Changes: Success removed 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279336 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Account Management Subcategory: Security Group Management Subcategory GUID: {0CCE9237-69AE-11D9-BED3-505054503030} Changes: Success removed 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279335 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Account Management Subcategory: Computer Account Management Subcategory GUID: {0CCE9236-69AE-11D9-BED3-505054503030} Changes: Success removed 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279334 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Account Management Subcategory: User Account Management Subcategory GUID: {0CCE9235-69AE-11D9-BED3-505054503030} Changes: Success removed 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279333 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Policy Change Subcategory: Authentication Policy Change Subcategory GUID: {0CCE9230-69AE-11D9-BED3-505054503030} Changes: Success removed 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279332 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Policy Change Subcategory: Audit Policy Change Subcategory GUID: {0CCE922F-69AE-11D9-BED3-505054503030} Changes: Success removed 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279331 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Detailed Tracking Subcategory: Process Creation Subcategory GUID: {0CCE922B-69AE-11D9-BED3-505054503030} Changes: Success removed, Failure removed 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279330 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Object Access Subcategory: Application Generated Subcategory GUID: {0CCE9222-69AE-11D9-BED3-505054503030} Changes: Success Added, Failure added 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279329 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Logon/Logoff Subcategory: Network Policy Server Subcategory GUID: {0CCE9243-69AE-11D9-BED3-505054503030} Changes: Success removed, Failure removed 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279328 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Logon/Logoff Subcategory: Special Logon Subcategory GUID: {0CCE921B-69AE-11D9-BED3-505054503030} Changes: Success removed 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279327 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Logon/Logoff Subcategory: Account Lockout Subcategory GUID: {0CCE9217-69AE-11D9-BED3-505054503030} Changes: Success removed 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279326 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Logon/Logoff Subcategory: Logoff Subcategory GUID: {0CCE9216-69AE-11D9-BED3-505054503030} Changes: Success removed 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279325 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Logon/Logoff Subcategory: Logon Subcategory GUID: {0CCE9215-69AE-11D9-BED3-505054503030} Changes: Success removed, Failure removed 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279324 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: System Subcategory: Other System Events Subcategory GUID: {0CCE9214-69AE-11D9-BED3-505054503030} Changes: Success removed, Failure removed 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279323 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: System Subcategory: System Integrity Subcategory GUID: {0CCE9212-69AE-11D9-BED3-505054503030} Changes: Success removed, Failure removed 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279322 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: System Subcategory: Security State Change Subcategory GUID: {0CCE9210-69AE-11D9-BED3-505054503030} Changes: Success removed 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=279321 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6FA411 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=279320 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6FA50F Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=279319 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6FA559 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=279318 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Delegation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0x6FA64A Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {92B77D66-3C49-FAD2-6B4C-4EAC426E14F9} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: fe80::a147:35ed:2004:ba49 Source Port: 54364 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=279317 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6FA64A Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=279316 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0x6FA559 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {FAA37440-1EBF-7FB9-4FD6-3C51828FFA5D} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: 10.0.1.14 Source Port: 54363 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=279315 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6FA559 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=279314 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0x6FA50F Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {FAA37440-1EBF-7FB9-4FD6-3C51828FFA5D} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: ::1 Source Port: 0 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=279313 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6FA50F Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=279312 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0x6FA411 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {FAA37440-1EBF-7FB9-4FD6-3C51828FFA5D} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: fe80::a147:35ed:2004:ba49 Source Port: 54362 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 09/14/2021 02:49:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=279311 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x6FA411 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 09/14/2021 02:49:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279341 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Object Access Subcategory: Certification Services Subcategory GUID: {0CCE9221-69AE-11D9-BED3-505054503030} Changes: Success Added, Failure added 09/14/2021 02:49:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279342 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Object Access Subcategory: Central Policy Staging Subcategory GUID: {0CCE9246-69AE-11D9-BED3-505054503030} Changes: Success Added, Failure added 09/14/2021 02:49:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279343 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Object Access Subcategory: Registry Subcategory GUID: {0CCE921E-69AE-11D9-BED3-505054503030} Changes: Success Added, Failure added 09/14/2021 02:49:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279344 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Object Access Subcategory: Other Object Access Events Subcategory GUID: {0CCE9227-69AE-11D9-BED3-505054503030} Changes: Success Added, Failure added 09/14/2021 02:50:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279345 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Object Access Subcategory: Kernel Object Subcategory GUID: {0CCE921F-69AE-11D9-BED3-505054503030} Changes: Success Added, Failure added 09/14/2021 02:50:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279346 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Object Access Subcategory: Handle Manipulation Subcategory GUID: {0CCE9223-69AE-11D9-BED3-505054503030} Changes: Success Added, Failure added 09/14/2021 02:50:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279347 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Object Access Subcategory: Filtering Platform Packet Drop Subcategory GUID: {0CCE9225-69AE-11D9-BED3-505054503030} Changes: Success Added, Failure added 09/14/2021 02:50:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279348 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Object Access Subcategory: Filtering Platform Connection Subcategory GUID: {0CCE9226-69AE-11D9-BED3-505054503030} Changes: Success Added, Failure added 09/14/2021 02:50:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275763 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xdc New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:50:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275762 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xb70 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:50:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54387 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54387 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275765 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xc04 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275764 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xa1c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275766 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xf88 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279412 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Object Access Subcategory: File System Subcategory GUID: {0CCE921D-69AE-11D9-BED3-505054503030} Changes: Success Added, Failure added 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: 10.0.1.14 Source Port: 54389 Destination Address: 10.0.1.14 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65787 Layer Name: Receive/Accept Layer Run-Time ID: 44 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1264 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54389 Destination Address: 10.0.1.14 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65789 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1264 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: 0.0.0.0 Source Port: 54389 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54388 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1264 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54388 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:50:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1264 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 54388 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275768 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x6d4 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:50:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275767 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x58c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:50:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: 10.0.1.14 Source Port: 54392 Destination Address: 10.0.1.14 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65787 Layer Name: Receive/Accept Layer Run-Time ID: 44 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1264 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54392 Destination Address: 10.0.1.14 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65789 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1264 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: 0.0.0.0 Source Port: 54392 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54391 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1264 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54391 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1264 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 54391 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54390 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54390 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54393 Destination Address: 10.0.1.12 Destination Port: 8089 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54393 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:50:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279551 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Object Access Subcategory: File Share Subcategory GUID: {0CCE9224-69AE-11D9-BED3-505054503030} Changes: Success Added, Failure added 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 54394 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2868 Application Name: \device\harddiskvolume1\windows\adws\microsoft.activedirectory.webservices.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 54394 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2868 Application Name: \device\harddiskvolume1\windows\adws\microsoft.activedirectory.webservices.exe Network Information: Source Address: :: Source Port: 54394 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=279742 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Object Access Subcategory: Detailed File Share Subcategory GUID: {0CCE9244-69AE-11D9-BED3-505054503030} Changes: Success Added, Failure added 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: 10.0.1.14 Source Port: 54396 Destination Address: 10.0.1.14 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65787 Layer Name: Receive/Accept Layer Run-Time ID: 44 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1264 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54396 Destination Address: 10.0.1.14 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65789 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1264 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: 0.0.0.0 Source Port: 54396 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54395 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1264 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54395 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1264 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 54395 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54397 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54397 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=279993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54398 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54398 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=280090 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x705EC2 Network Information: Object Type: File Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54399 Share Information: Share Name: \\*\SYSVOL Share Path: \??\C:\Windows\SYSVOL\sysvol Relative Target Name: attackrange.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf Access Request Information: Access Mask: 0x120089 Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Access Check Results: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;0x1200a9;;;WD) ReadData (or ListDirectory): Granted by D:(A;;0x1200a9;;;WD) ReadEA: Granted by D:(A;;0x1200a9;;;WD) ReadAttributes: Granted by D:(A;;0x1200a9;;;WD) 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=280089 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x705EC2 Network Information: Object Type: File Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54399 Share Information: Share Name: \\*\SYSVOL Share Path: \??\C:\Windows\SYSVOL\sysvol Relative Target Name: attackrange.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\SecEdit Access Request Information: Access Mask: 0x100081 Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Check Results: SYNCHRONIZE: Granted by D:(A;;0x1200a9;;;WD) ReadData (or ListDirectory): Granted by D:(A;;0x1200a9;;;WD) ReadAttributes: Granted by D:(A;;0x1200a9;;;WD) 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=280088 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x705EC2 Network Information: Object Type: File Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54399 Share Information: Share Name: \\*\SYSVOL Share Path: \??\C:\Windows\SYSVOL\sysvol Relative Target Name: attackrange.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf Access Request Information: Access Mask: 0x80 Accesses: ReadAttributes Access Check Results: ReadAttributes: Granted by D:(A;;0x1200a9;;;WD) 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5140 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File Share OpCode=Info RecordNumber=280087 Keywords=Audit Success Message=A network share object was accessed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x705EC2 Network Information: Object Type: File Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54399 Share Information: Share Name: \\*\SYSVOL Share Path: \??\C:\Windows\SYSVOL\sysvol Access Request Information: Access Mask: 0x1 Accesses: ReadData (or ListDirectory) 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54399 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 445 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54399 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 445 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 4 Application Name: System Network Information: Source Address: :: Source Port: 54399 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=280083 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Audit Policy Change: Category: Object Access Subcategory: Removable Storage Subcategory GUID: {0CCE9245-69AE-11D9-BED3-505054503030} Changes: Success Added, Failure added 09/14/2021 02:50:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=280082 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Audit Policy Change: Category: Object Access Subcategory: SAM Subcategory GUID: {0CCE9220-69AE-11D9-BED3-505054503030} Changes: Success Added, Failure added 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54400 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54400 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:50:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=280328 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x705EC2 Network Information: Object Type: File Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54399 Share Information: Share Name: \\*\SYSVOL Share Path: \??\C:\Windows\SYSVOL\sysvol Relative Target Name: attackrange.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf Access Request Information: Access Mask: 0x120089 Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Access Check Results: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;0x1200a9;;;WD) ReadData (or ListDirectory): Granted by D:(A;;0x1200a9;;;WD) ReadEA: Granted by D:(A;;0x1200a9;;;WD) ReadAttributes: Granted by D:(A;;0x1200a9;;;WD) 09/14/2021 02:50:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=280327 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x705EC2 Network Information: Object Type: File Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54399 Share Information: Share Name: \\*\SYSVOL Share Path: \??\C:\Windows\SYSVOL\sysvol Relative Target Name: attackrange.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\SecEdit Access Request Information: Access Mask: 0x100081 Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Check Results: SYNCHRONIZE: Granted by D:(A;;0x1200a9;;;WD) ReadData (or ListDirectory): Granted by D:(A;;0x1200a9;;;WD) ReadAttributes: Granted by D:(A;;0x1200a9;;;WD) 09/14/2021 02:50:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=280326 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x705EC2 Network Information: Object Type: File Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54399 Share Information: Share Name: \\*\SYSVOL Share Path: \??\C:\Windows\SYSVOL\sysvol Relative Target Name: attackrange.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf Access Request Information: Access Mask: 0x80 Accesses: ReadAttributes Access Check Results: ReadAttributes: Granted by D:(A;;0x1200a9;;;WD) 09/14/2021 02:50:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=280325 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Audit Policy Change: Category: DS Access Subcategory: Detailed Directory Service Replication Subcategory GUID: {0CCE923E-69AE-11D9-BED3-505054503030} Changes: Success Added, Failure added 09/14/2021 02:50:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=280324 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Audit Policy Change: Category: DS Access Subcategory: Directory Service Replication Subcategory GUID: {0CCE923D-69AE-11D9-BED3-505054503030} Changes: Success Added, Failure added 09/14/2021 02:50:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=280323 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Audit Policy Change: Category: DS Access Subcategory: Directory Service Changes Subcategory GUID: {0CCE923C-69AE-11D9-BED3-505054503030} Changes: Success Added, Failure added 09/14/2021 02:50:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=280322 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Audit Policy Change: Category: DS Access Subcategory: Directory Service Access Subcategory GUID: {0CCE923B-69AE-11D9-BED3-505054503030} Changes: Success Added, Failure added 09/14/2021 02:50:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Other Object Access Events OpCode=Info RecordNumber=280321 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Handle ID: 0x15177859ac0 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe 09/14/2021 02:50:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Other Object Access Events OpCode=Info RecordNumber=280320 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Handle ID: 0x15177859120 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe 09/14/2021 02:50:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4661 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=SAM OpCode=Info RecordNumber=280319 Keywords=Audit Success Message=A handle to an object was requested. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Object Type: SAM_DOMAIN Object Name: CN=Builtin,DC=attackrange,DC=local Handle ID: 0x15177859ac0 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadPasswordParameters WritePasswordParameters ReadOtherParameters WriteOtherParameters CreateUser CreateGlobalGroup CreateLocalGroup GetLocalGroupMembership ListAccounts Access Reasons: - Access Mask: 0xF01FF Privileges Used for Access Check: - Properties: --- {19195a5a-6da0-11d0-afd3-00c04fd930c9} DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadPasswordParameters WritePasswordParameters ReadOtherParameters WriteOtherParameters CreateUser CreateGlobalGroup CreateLocalGroup GetLocalGroupMembership ListAccounts {c7407360-20bf-11d0-a768-00aa006e0529} {bf9679a4-0de6-11d0-a285-00aa003049e2} {bf9679a5-0de6-11d0-a285-00aa003049e2} {bf9679a6-0de6-11d0-a285-00aa003049e2} {bf9679bb-0de6-11d0-a285-00aa003049e2} {bf9679c2-0de6-11d0-a285-00aa003049e2} {bf9679c3-0de6-11d0-a285-00aa003049e2} {bf967a09-0de6-11d0-a285-00aa003049e2} {bf967a0b-0de6-11d0-a285-00aa003049e2} {b8119fd0-04f6-4762-ab7a-4986c76b3f9a} {bf967a34-0de6-11d0-a285-00aa003049e2} {bf967a33-0de6-11d0-a285-00aa003049e2} {bf9679c5-0de6-11d0-a285-00aa003049e2} {bf967a61-0de6-11d0-a285-00aa003049e2} {bf967977-0de6-11d0-a285-00aa003049e2} {bf96795e-0de6-11d0-a285-00aa003049e2} {bf9679ea-0de6-11d0-a285-00aa003049e2} {ab721a52-1e2f-11d0-9819-00aa0040529b} Restricted SID Count: 0 09/14/2021 02:50:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4661 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=SAM OpCode=Info RecordNumber=280318 Keywords=Audit Success Message=A handle to an object was requested. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Object Type: SAM_DOMAIN Object Name: DC=attackrange,DC=local Handle ID: 0x15177859120 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadPasswordParameters WritePasswordParameters ReadOtherParameters WriteOtherParameters CreateUser CreateGlobalGroup CreateLocalGroup GetLocalGroupMembership ListAccounts Access Reasons: - Access Mask: 0xF01FF Privileges Used for Access Check: - Properties: --- {19195a5a-6da0-11d0-afd3-00c04fd930c9} DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadPasswordParameters WritePasswordParameters ReadOtherParameters WriteOtherParameters CreateUser CreateGlobalGroup CreateLocalGroup GetLocalGroupMembership ListAccounts {c7407360-20bf-11d0-a768-00aa006e0529} {bf9679a4-0de6-11d0-a285-00aa003049e2} {bf9679a5-0de6-11d0-a285-00aa003049e2} {bf9679a6-0de6-11d0-a285-00aa003049e2} {bf9679bb-0de6-11d0-a285-00aa003049e2} {bf9679c2-0de6-11d0-a285-00aa003049e2} {bf9679c3-0de6-11d0-a285-00aa003049e2} {bf967a09-0de6-11d0-a285-00aa003049e2} {bf967a0b-0de6-11d0-a285-00aa003049e2} {b8119fd0-04f6-4762-ab7a-4986c76b3f9a} {bf967a34-0de6-11d0-a285-00aa003049e2} {bf967a33-0de6-11d0-a285-00aa003049e2} {bf9679c5-0de6-11d0-a285-00aa003049e2} {bf967a61-0de6-11d0-a285-00aa003049e2} {bf967977-0de6-11d0-a285-00aa003049e2} {bf96795e-0de6-11d0-a285-00aa003049e2} {bf9679ea-0de6-11d0-a285-00aa003049e2} {ab721a52-1e2f-11d0-9819-00aa0040529b} Restricted SID Count: 0 09/14/2021 02:50:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54401 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54401 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:50:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280474 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1908 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280473 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x1908 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Access Reasons: READ_CONTROL: Granted by D:(A;;0x1200a9;;;BA) SYNCHRONIZE: Granted by D:(A;;0x1200a9;;;BA) ReadData (or ListDirectory): Granted by D:(A;;0x1200a9;;;BA) ReadEA: Granted by D:(A;;0x1200a9;;;BA) ReadAttributes: Granted by D:(A;;0x1200a9;;;BA) Access Mask: 0x120089 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280472 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xda4 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=280471 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1908 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xda4 Target Process ID: 0x4 09/14/2021 02:50:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5152 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Packet Drop OpCode=Info RecordNumber=280584 Keywords=Audit Failure Message=The Windows Filtering Platform has blocked a packet. Application Information: Process ID: 0 Application Name: - Network Information: Direction: Inbound Source Address: 10.0.1.12 Source Port: 8089 Destination Address: 10.0.1.14 Destination Port: 54393 Protocol: 6 Filter Information: Filter Run-Time ID: 69431 Layer Name: Transport Layer Run-Time ID: 13 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54402 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54402 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280710 Keywords=Audit Failure Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\gpedit.msc Handle ID: 0x0 Resource Attributes: - Process Information: Process ID: 0x159c Process Name: C:\Windows\System32\mmc.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: READ_CONTROL: Granted by D:(A;;0x1200a9;;;BA) SYNCHRONIZE: Granted by D:(A;;0x1200a9;;;BA) WriteData (or AddFile): Not granted AppendData (or AddSubdirectory or CreatePipeInstance): Not granted WriteEA: Not granted ReadAttributes: Granted by ACE on parent folder D:(A;;0x1301bf;;;BA) WriteAttributes: Not granted Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280709 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x498 Process Information: Process ID: 0x133c Process Name: C:\Windows\System32\rdpclip.exe 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280708 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\places.sqlite Handle ID: 0x498 Resource Attributes: S:AI Process Information: Process ID: 0x133c Process Name: C:\Windows\System32\rdpclip.exe Access Request Information: Accesses: ReadAttributes Access Mask: 0x80 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280707 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\places.sqlite Handle ID: 0x498 Resource Attributes: - Process Information: Process ID: 0x133c Process Name: C:\Windows\System32\rdpclip.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x120089 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280706 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf88 Process Information: Process ID: 0x133c Process Name: C:\Windows\System32\rdpclip.exe 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=280705 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x498 Source Process ID: 0x133c New Handle Information: Target Handle ID: 0xf88 Target Process ID: 0x4 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280642 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x360 Process Information: Process ID: 0x890 Process Name: C:\Windows\System32\cmd.exe 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280641 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x360 Resource Attributes: - Process Information: Process ID: 0x890 Process Name: C:\Windows\System32\cmd.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Access Reasons: READ_CONTROL: Granted by D:(A;;0x1200a9;;;BA) SYNCHRONIZE: Granted by D:(A;;0x1200a9;;;BA) ReadData (or ListDirectory): Granted by D:(A;;0x1200a9;;;BA) ReadEA: Granted by D:(A;;0x1200a9;;;BA) ReadAttributes: Granted by D:(A;;0x1200a9;;;BA) Access Mask: 0x120089 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280640 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf14 Process Information: Process ID: 0x890 Process Name: C:\Windows\System32\cmd.exe 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=280639 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x360 Source Process ID: 0x890 New Handle Information: Target Handle ID: 0xf14 Target Process ID: 0x4 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280636 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xdbc Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280635 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\aborted-session-ping.tmp Handle ID: 0xdbc Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280634 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf70 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:50:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=280633 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0xdbc Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xf70 Target Process ID: 0x4 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280715 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x10d4 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280714 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x10d4 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280713 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x10d4 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICI;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;OICI;FA;;;BA) ReadAttributes: Granted by D:(A;OICI;FA;;;BA) Access Mask: 0x100081 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280712 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xe54 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=280711 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x10d4 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xe54 Target Process ID: 0x4 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54403 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54403 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:50:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=280897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281362 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2a08 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281361 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2a08 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281360 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2a08 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281359 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xe24 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281358 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2a08 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xe24 Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281357 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2a08 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281356 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2a08 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281355 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2a08 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281354 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xe24 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281353 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2a08 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xe24 Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281352 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2a08 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281351 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2a08 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281350 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2a08 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281349 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xe24 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281348 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2a08 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xe24 Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281347 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2a08 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281346 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2a08 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281345 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2a08 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281344 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xe24 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281343 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2a08 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xe24 Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281342 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2a08 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281341 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2a08 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281340 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2a08 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281339 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xe24 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281338 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2a08 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xe24 Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281337 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2a08 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281336 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2a08 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281335 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2a08 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281334 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xe24 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281333 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2a08 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xe24 Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281121 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2350 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281120 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2350 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281119 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2350 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281118 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf44 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281117 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2350 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf44 Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281116 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2350 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281115 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2350 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281114 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2350 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281113 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf44 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281112 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2350 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf44 Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281111 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2350 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281110 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2350 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281109 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2350 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281108 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf44 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281107 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2350 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf44 Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281106 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2350 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281105 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2350 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281104 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2350 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281103 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf44 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281102 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2350 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf44 Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281101 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2350 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281100 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2350 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281099 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2350 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281098 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf44 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281097 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2350 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf44 Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281096 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2350 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281095 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2350 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281094 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2350 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281093 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf44 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281092 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2350 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf44 Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281091 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x26a8 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281090 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x26a8 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281089 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x26a8 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281088 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf5c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281087 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x26a8 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf5c Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281086 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x26a8 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281085 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x26a8 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281084 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x26a8 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281083 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf5c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281082 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x26a8 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf5c Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281081 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x26a8 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281080 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x26a8 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281079 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x26a8 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281078 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf5c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281077 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x26a8 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf5c Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281076 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x26a8 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281075 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x26a8 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281074 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x26a8 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281073 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf5c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281072 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x26a8 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf5c Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281071 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x26a8 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281070 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x26a8 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281069 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x26a8 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281068 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf5c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281067 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x26a8 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf5c Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281066 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x26a8 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281065 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x26a8 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281064 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x26a8 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281063 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf5c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281062 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x26a8 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf5c Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281061 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2428 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281060 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2428 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281059 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2428 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICIID;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;OICIID;FA;;;BA) ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x100081 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281058 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf24 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281057 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2428 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf24 Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281056 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x9d8 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281055 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x9d8 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: ReadAttributes Access Mask: 0x80 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281054 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x9d8 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICIID;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;OICIID;FA;;;BA) ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x100081 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281053 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf24 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281052 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x9d8 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf24 Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281051 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x24a4 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281050 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x24a4 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: ReadAttributes Access Mask: 0x80 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281049 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x24a4 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICIID;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;OICIID;FA;;;BA) ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x100081 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281048 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf24 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281047 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x24a4 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf24 Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281046 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1138 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281045 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x1138 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;OICIID;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;OICIID;FA;;;BA) ReadEA: Granted by D:(A;OICIID;FA;;;BA) ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x120089 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281044 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf44 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281043 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1138 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf44 Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281042 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1138 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281041 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2990 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281040 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf54 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281039 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0xf54 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281038 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0xf54 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281037 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf24 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281036 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0xf54 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf24 Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281035 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf54 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281034 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0xf54 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281033 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0xf54 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281032 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf24 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281031 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0xf54 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf24 Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281030 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf54 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281029 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0xf54 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281028 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0xf54 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281027 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf24 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281026 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0xf54 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf24 Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281025 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf54 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281024 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0xf54 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281023 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0xf54 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281022 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf24 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281021 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0xf54 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf24 Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281020 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf54 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281019 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0xf54 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281018 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0xf54 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281017 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf24 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281016 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0xf54 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf24 Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281015 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf54 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281014 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0xf54 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281013 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0xf54 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281012 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf24 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281011 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0xf54 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf24 Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281010 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x19f8 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281009 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x19f8 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICIID;FA;;;BA) ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x100080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281008 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf1c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281007 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x19f8 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf1c Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281006 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x19f8 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281005 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x19f8 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICIID;FA;;;BA) ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x100080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281004 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf1c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281003 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x19f8 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf1c Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281002 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x19f8 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281001 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x19f8 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICIID;FA;;;BA) ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x100080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281000 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf1c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=280999 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x19f8 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf1c Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280998 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x19f8 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280997 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x19f8 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICIID;FA;;;BA) ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x100080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280996 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf1c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=280995 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x19f8 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf1c Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280994 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x70c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280993 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x70c Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280992 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x70c Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280991 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf5c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=280990 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x70c Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf5c Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280989 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x70c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280988 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x70c Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280987 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x70c Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280986 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf5c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=280985 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x70c Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf5c Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280984 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x70c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280983 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x70c Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280982 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x70c Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280981 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf5c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=280980 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x70c Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf5c Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280979 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x70c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280978 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x70c Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280977 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x70c Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280976 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf5c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=280975 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x70c Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf5c Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280974 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x70c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280973 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x70c Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280972 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x70c Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280971 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf5c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=280970 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x70c Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf5c Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280969 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x70c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280968 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x70c Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280967 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x70c Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280966 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf5c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=280965 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x70c Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf5c Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280964 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x236c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280963 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x236c Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280962 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x236c Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICIID;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;OICIID;FA;;;BA) ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x100081 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280961 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x700 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=280960 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x236c Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0x700 Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280959 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x1138 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280958 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x1138 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: ReadAttributes Access Mask: 0x80 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280957 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x1138 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICIID;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;OICIID;FA;;;BA) ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x100081 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280956 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x700 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=280955 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1138 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0x700 Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280954 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2990 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280953 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2990 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: ReadAttributes Access Mask: 0x80 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280952 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2990 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICIID;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;OICIID;FA;;;BA) ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x100081 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280951 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x700 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=280950 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2990 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0x700 Target Process ID: 0x4 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280949 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x23f4 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280948 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x23f4 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;OICIID;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;OICIID;FA;;;BA) ReadEA: Granted by D:(A;OICIID;FA;;;BA) ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x120089 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=280947 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf70 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:50:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=280946 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x23f4 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf70 Target Process ID: 0x4 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281509 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2408 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281508 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected\places.sqlite Handle ID: 0x2408 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;ID;FA;;;BA) ReadAttributes: Granted by D:(A;ID;FA;;;BA) Access Mask: 0x100080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281507 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xe24 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281506 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2408 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xe24 Target Process ID: 0x4 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281505 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1e08 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281504 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x1e08 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281503 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x1e08 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICIID;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;OICIID;FA;;;BA) ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x100081 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281502 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x7d8 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281501 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1e08 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0x7d8 Target Process ID: 0x4 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281500 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1478 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281499 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x1478 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281498 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x1478 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICIID;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;OICIID;FA;;;BA) ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x100081 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281497 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x7d8 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281496 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1478 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0x7d8 Target Process ID: 0x4 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281495 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2048 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281494 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected\places.sqlite Handle ID: 0x2048 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE SYNCHRONIZE ReadAttributes Access Reasons: DELETE: Granted by D:(A;ID;FA;;;BA) SYNCHRONIZE: Granted by D:(A;ID;FA;;;BA) ReadAttributes: Granted by D:(A;ID;FA;;;BA) Access Mask: 0x110080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281493 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x7d8 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281492 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2048 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0x7d8 Target Process ID: 0x4 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281491 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2050 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281490 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected\places.sqlite Handle ID: 0x2050 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281489 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected\places.sqlite Handle ID: 0x2050 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL Access Reasons: READ_CONTROL: Granted by Ownership Access Mask: 0x20000 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281488 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x8cc Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281487 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2050 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0x8cc Target Process ID: 0x4 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281486 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2050 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281485 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected\places.sqlite Handle ID: 0x2050 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281484 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected\places.sqlite Handle ID: 0x2050 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL Access Reasons: READ_CONTROL: Granted by Ownership Access Mask: 0x20000 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281483 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x8cc Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281482 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2050 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0x8cc Target Process ID: 0x4 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281739 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1240 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281738 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x1240 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281737 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x1240 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICIID;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;OICIID;FA;;;BA) ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x100081 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281736 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xe24 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281735 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1240 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xe24 Target Process ID: 0x4 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281593 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1fa8 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281592 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x1fa8 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281591 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x1fa8 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281590 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc20 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281589 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1fa8 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xc20 Target Process ID: 0x4 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281588 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1fa8 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281587 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x1fa8 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281586 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x1fa8 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281585 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc20 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281584 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1fa8 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xc20 Target Process ID: 0x4 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281583 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1fa8 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281582 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x1fa8 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281581 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x1fa8 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281580 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc20 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281579 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1fa8 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xc20 Target Process ID: 0x4 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281578 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1fa8 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281577 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x1fa8 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281576 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x1fa8 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281575 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc20 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281574 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1fa8 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xc20 Target Process ID: 0x4 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281573 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1fa8 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281572 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x1fa8 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281571 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x1fa8 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281570 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc20 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281569 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1fa8 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xc20 Target Process ID: 0x4 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281568 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1fa8 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281567 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x1fa8 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281566 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x1fa8 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281565 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc20 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281564 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1fa8 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xc20 Target Process ID: 0x4 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281563 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x334 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281562 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x334 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281561 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x334 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281560 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xe24 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281559 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x334 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xe24 Target Process ID: 0x4 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281558 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x334 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281557 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x334 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281556 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x334 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281555 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xe24 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281554 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x334 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xe24 Target Process ID: 0x4 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281553 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x334 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281552 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x334 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281551 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x334 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281550 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xe24 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281549 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x334 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xe24 Target Process ID: 0x4 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281548 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x334 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281547 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x334 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281546 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x334 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281545 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xe24 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281544 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x334 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xe24 Target Process ID: 0x4 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281543 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x334 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281542 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x334 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281541 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x334 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281540 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xe24 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281539 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x334 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xe24 Target Process ID: 0x4 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281538 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x334 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281537 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x334 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281536 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x334 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281535 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xe24 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281534 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x334 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xe24 Target Process ID: 0x4 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281533 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x70c Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281532 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x70c Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: ReadAttributes Access Mask: 0x80 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281531 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x70c Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICIID;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;OICIID;FA;;;BA) ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x100081 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281530 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x700 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281529 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x70c Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0x700 Target Process ID: 0x4 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281528 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x9d8 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281527 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x9d8 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: ReadAttributes Access Mask: 0x80 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281526 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x9d8 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICIID;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;OICIID;FA;;;BA) ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x100081 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281525 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x700 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281524 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x9d8 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0x700 Target Process ID: 0x4 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281523 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2048 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281522 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected\places.sqlite Handle ID: 0x2048 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE Access Reasons: DELETE: Granted by D:(A;ID;FA;;;BA) Access Mask: 0x10000 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281521 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xdb0 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281520 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2048 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xdb0 Target Process ID: 0x4 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4659 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281519 Keywords=Audit Success Message=A handle to an object was requested with intent to delete. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected\places.sqlite Handle ID: 0x0 Process Information: Process ID: 0x1098 Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE Access Mask: 0x10000 Privileges Used for Access Check: - 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281518 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x9d8 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281517 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x24a4 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54404 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54404 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281972 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x19a0 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281971 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\SiteSecurityServiceState.txt Handle ID: 0x19a0 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281970 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf1c Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=281969 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x19a0 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xf1c Target Process ID: 0x4 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=281968 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf1c Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Kernel Object OpCode=Info RecordNumber=281967 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: \Device\HarddiskVolume1\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\SiteSecurityServiceState.txt Handle ID: 0xf1c Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282118 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x2abc Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICI;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282117 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xe4c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282116 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2abc Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xe4c Target Process ID: 0x4 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282112 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x4cc Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282111 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x4cc Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282110 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x4cc Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICI;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;OICI;FA;;;BA) ReadAttributes: Granted by D:(A;OICI;FA;;;BA) Access Mask: 0x100081 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282109 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xe4c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282108 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x4cc Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xe4c Target Process ID: 0x4 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282107 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x58c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282106 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1138 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282105 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x1138 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282104 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x1138 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL Access Reasons: READ_CONTROL: Granted by Ownership Access Mask: 0x20000 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282103 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xdb0 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282102 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1138 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xdb0 Target Process ID: 0x4 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282101 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x58c Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282100 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x58c Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICI;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282099 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xdb0 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282098 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x58c Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xdb0 Target Process ID: 0x4 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282097 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x58c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282096 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1138 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282095 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x1138 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282094 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x1138 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL Access Reasons: READ_CONTROL: Granted by Ownership Access Mask: 0x20000 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282093 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xdb0 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282092 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1138 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xdb0 Target Process ID: 0x4 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282091 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x58c Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282090 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x58c Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICI;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282089 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xdb0 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282088 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x58c Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xdb0 Target Process ID: 0x4 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282087 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x19c8 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282086 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2b44 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282085 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x2b44 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282084 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x2b44 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL Access Reasons: READ_CONTROL: Granted by Ownership Access Mask: 0x20000 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282083 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xd08 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282082 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2b44 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xd08 Target Process ID: 0x4 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282081 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x19c8 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282080 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x19c8 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICI;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282079 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xd08 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282078 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x19c8 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xd08 Target Process ID: 0x4 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282077 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x19c8 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282076 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2b44 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282075 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x2b44 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282074 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x2b44 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL Access Reasons: READ_CONTROL: Granted by Ownership Access Mask: 0x20000 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282073 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xd08 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282072 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2b44 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xd08 Target Process ID: 0x4 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282071 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x19c8 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282070 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x19c8 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICI;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282069 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xd08 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282068 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x19c8 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xd08 Target Process ID: 0x4 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282067 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x237c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282066 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x237c Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282065 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x237c Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICI;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;OICI;FA;;;BA) ReadAttributes: Granted by D:(A;OICI;FA;;;BA) Access Mask: 0x100081 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282064 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf58 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282063 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x237c Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf58 Target Process ID: 0x4 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282062 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x237c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282061 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x237c Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282060 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x237c Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICI;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;OICI;FA;;;BA) ReadAttributes: Granted by D:(A;OICI;FA;;;BA) Access Mask: 0x100081 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282059 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf58 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282058 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x237c Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf58 Target Process ID: 0x4 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=281973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282155 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x778 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282154 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x289c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282153 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x289c Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282152 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x289c Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL Access Reasons: READ_CONTROL: Granted by Ownership Access Mask: 0x20000 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282151 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x700 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282150 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x289c Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0x700 Target Process ID: 0x4 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282149 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x778 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282148 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x778 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICI;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282147 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x700 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282146 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x778 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0x700 Target Process ID: 0x4 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282145 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x778 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282144 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x289c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282143 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x289c Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282142 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x289c Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL Access Reasons: READ_CONTROL: Granted by Ownership Access Mask: 0x20000 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282141 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x700 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282140 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x289c Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0x700 Target Process ID: 0x4 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282139 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x778 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282138 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x778 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICI;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282137 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x700 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282136 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x778 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0x700 Target Process ID: 0x4 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282135 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2abc Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282134 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2ae4 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282133 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x2ae4 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282132 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x2ae4 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL Access Reasons: READ_CONTROL: Granted by Ownership Access Mask: 0x20000 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282131 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xe4c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282130 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2ae4 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xe4c Target Process ID: 0x4 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282129 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x2abc Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282128 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x2abc Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICI;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282127 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xe4c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282126 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2abc Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xe4c Target Process ID: 0x4 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282125 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2abc Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282124 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2ae4 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282123 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x2ae4 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282122 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x2ae4 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL Access Reasons: READ_CONTROL: Granted by Ownership Access Mask: 0x20000 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282121 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xe4c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282120 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2ae4 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xe4c Target Process ID: 0x4 09/14/2021 02:51:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282119 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x2abc Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282481 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm Handle ID: 0x1284 Resource Attributes: S:AI Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282480 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm Handle ID: 0x1284 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x12019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282479 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x7d8 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282478 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1284 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0x7d8 Target Process ID: 0x4 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282477 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-wal Handle ID: 0x1290 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x12019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282476 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x7d8 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282475 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1290 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0x7d8 Target Process ID: 0x4 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282474 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite Handle ID: 0x1840 Resource Attributes: S:AI Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282473 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite Handle ID: 0x1840 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x12019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282472 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x7d8 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282471 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1840 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0x7d8 Target Process ID: 0x4 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282470 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm Handle ID: 0x1a38 Resource Attributes: S:AI Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282469 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm Handle ID: 0x1a38 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x12019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282468 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf88 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282467 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1a38 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xf88 Target Process ID: 0x4 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282466 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal Handle ID: 0x1a28 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x12019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282465 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf88 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282464 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1a28 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xf88 Target Process ID: 0x4 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282463 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite Handle ID: 0x19a4 Resource Attributes: S:AI Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282462 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite Handle ID: 0x19a4 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x12019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282461 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf88 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282460 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x19a4 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xf88 Target Process ID: 0x4 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54405 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54405 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282860 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x21c0 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282859 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x21c0 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282858 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf80 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282857 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x21c0 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xf80 Target Process ID: 0x4 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282856 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf80 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Kernel Object OpCode=Info RecordNumber=282855 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: \Device\HarddiskVolume1\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xf80 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282854 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x12a8 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282853 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x12a8 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282852 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf80 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282851 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x12a8 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xf80 Target Process ID: 0x4 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282850 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf80 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Kernel Object OpCode=Info RecordNumber=282849 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: \Device\HarddiskVolume1\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xf80 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282848 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x12a8 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282847 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x12a8 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282846 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf80 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282845 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x12a8 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xf80 Target Process ID: 0x4 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282844 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf80 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Kernel Object OpCode=Info RecordNumber=282843 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: \Device\HarddiskVolume1\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xf80 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282842 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x21a8 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282841 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x21a8 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282840 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf80 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282839 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x21a8 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xf80 Target Process ID: 0x4 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282838 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf80 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Kernel Object OpCode=Info RecordNumber=282837 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: \Device\HarddiskVolume1\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xf80 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282836 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x12a8 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282835 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x12a8 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282834 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf80 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282833 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x12a8 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xf80 Target Process ID: 0x4 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282832 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf80 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Kernel Object OpCode=Info RecordNumber=282831 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: \Device\HarddiskVolume1\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xf80 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282830 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x12a8 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282829 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x12a8 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282828 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf80 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=282827 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x12a8 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xf80 Target Process ID: 0x4 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=282826 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf80 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Kernel Object OpCode=Info RecordNumber=282825 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: \Device\HarddiskVolume1\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xf80 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=282969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54406 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54406 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275770 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xf08 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:51:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275769 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x8a8 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275772 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x50c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275771 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xd30 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:51:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275774 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xeb8 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:51:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275773 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xda8 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:51:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283224 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1840 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283223 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1290 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283222 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x19a4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283221 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1284 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283220 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1a28 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283219 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1a38 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275775 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xa5c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54407 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54407 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54408 Destination Address: 10.0.1.12 Destination Port: 8089 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54408 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283369 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x19a4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283368 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x19a4 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283367 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xa40 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=283366 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x19a4 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xa40 Target Process ID: 0x4 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283365 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xa40 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Kernel Object OpCode=Info RecordNumber=283364 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: \Device\HarddiskVolume1\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xa40 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283363 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x19a4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283362 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x19a4 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283361 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xa40 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=283360 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x19a4 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xa40 Target Process ID: 0x4 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283359 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xa40 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Kernel Object OpCode=Info RecordNumber=283358 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: \Device\HarddiskVolume1\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xa40 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283357 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1284 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283356 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x1284 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283355 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xa40 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=283354 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1284 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xa40 Target Process ID: 0x4 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283353 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xa40 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Kernel Object OpCode=Info RecordNumber=283352 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: \Device\HarddiskVolume1\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xa40 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283351 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x19a4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283350 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x19a4 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283349 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xa40 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=283348 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x19a4 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xa40 Target Process ID: 0x4 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283347 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xa40 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Kernel Object OpCode=Info RecordNumber=283346 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: \Device\HarddiskVolume1\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xa40 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283345 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1284 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283344 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x1284 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283343 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xa40 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=283342 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1284 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xa40 Target Process ID: 0x4 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283341 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xa40 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Kernel Object OpCode=Info RecordNumber=283340 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: \Device\HarddiskVolume1\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xa40 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283339 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x19a4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283338 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x19a4 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283337 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xa40 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=283336 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x19a4 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xa40 Target Process ID: 0x4 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=283335 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xa40 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Kernel Object OpCode=Info RecordNumber=283334 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: \Device\HarddiskVolume1\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xa40 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4772 Application Name: \device\harddiskvolume1\program files\google\chrome\application\chrome.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 65100 Destination Address: 239.255.255.250 Destination Port: 1900 Protocol: 17 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 4772 Application Name: \device\harddiskvolume1\program files\google\chrome\application\chrome.exe Network Information: Source Address: 10.0.1.14 Source Port: 65100 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 54409 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2868 Application Name: \device\harddiskvolume1\windows\adws\microsoft.activedirectory.webservices.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 54409 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2868 Application Name: \device\harddiskvolume1\windows\adws\microsoft.activedirectory.webservices.exe Network Information: Source Address: :: Source Port: 54409 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54410 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54410 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54414 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2980 Application Name: \device\harddiskvolume1\windows\system32\dfsrs.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54414 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2980 Application Name: \device\harddiskvolume1\windows\system32\dfsrs.exe Network Information: Source Address: :: Source Port: 54414 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54413 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2980 Application Name: \device\harddiskvolume1\windows\system32\dfsrs.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54413 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2980 Application Name: \device\harddiskvolume1\windows\system32\dfsrs.exe Network Information: Source Address: :: Source Port: 54413 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 908 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54412 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 135 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2980 Application Name: \device\harddiskvolume1\windows\system32\dfsrs.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54412 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 135 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2980 Application Name: \device\harddiskvolume1\windows\system32\dfsrs.exe Network Information: Source Address: :: Source Port: 54412 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54411 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54411 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=283976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54415 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54415 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54416 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54416 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54417 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54417 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:51:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5152 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Packet Drop OpCode=Info RecordNumber=284363 Keywords=Audit Failure Message=The Windows Filtering Platform has blocked a packet. Application Information: Process ID: 0 Application Name: - Network Information: Direction: Inbound Source Address: 10.0.1.12 Source Port: 8089 Destination Address: 10.0.1.14 Destination Port: 54408 Protocol: 6 Filter Information: Filter Run-Time ID: 69431 Layer Name: Transport Layer Run-Time ID: 13 09/14/2021 02:51:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54418 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54418 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:51:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:52:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54419 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54419 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:52:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54420 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54420 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:52:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54421 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=284994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54421 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285112 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x12a4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285111 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x12a4 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285110 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc54 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=285109 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x12a4 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xc54 Target Process ID: 0x4 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285108 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc54 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285107 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xc54 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285106 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x12a4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285105 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x12a4 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285104 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc54 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=285103 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x12a4 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xc54 Target Process ID: 0x4 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285102 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc54 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285101 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xc54 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285100 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x12a4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285099 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x12a4 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285098 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc54 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=285097 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x12a4 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xc54 Target Process ID: 0x4 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285096 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc54 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285095 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xc54 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285094 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x12a4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285093 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x12a4 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285092 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc54 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=285091 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x12a4 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xc54 Target Process ID: 0x4 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285090 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc54 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285089 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xc54 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285088 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x12a4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285087 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x12a4 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285086 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc54 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=285085 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x12a4 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xc54 Target Process ID: 0x4 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285084 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc54 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285083 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xc54 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285082 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x864 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285081 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x864 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285080 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc54 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=285079 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x864 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xc54 Target Process ID: 0x4 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285078 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc54 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285077 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xc54 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275777 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x4a8 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275776 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xb24 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54422 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54422 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275779 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xbfc New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275778 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x694 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275781 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x324 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:52:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275780 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x648 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275782 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x9cc New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:52:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54424 Destination Address: 10.0.1.12 Destination Port: 8089 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54424 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:52:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54423 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54423 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 54425 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2868 Application Name: \device\harddiskvolume1\windows\adws\microsoft.activedirectory.webservices.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 54425 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2868 Application Name: \device\harddiskvolume1\windows\adws\microsoft.activedirectory.webservices.exe Network Information: Source Address: :: Source Port: 54425 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54426 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54426 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285903 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2b04 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285902 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x778 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285901 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x778 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285900 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x778 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL Access Reasons: READ_CONTROL: Granted by Ownership Access Mask: 0x20000 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285899 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xdb0 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=285898 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x778 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xdb0 Target Process ID: 0x4 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285897 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x2b04 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285896 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x2b04 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICI;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285895 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xdb0 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=285894 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2b04 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xdb0 Target Process ID: 0x4 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285893 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2b04 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285892 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x778 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285891 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x778 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285890 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x778 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL Access Reasons: READ_CONTROL: Granted by Ownership Access Mask: 0x20000 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285889 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xdb0 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=285888 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x778 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xdb0 Target Process ID: 0x4 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285887 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x2b04 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285886 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x2b04 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICI;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285885 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xdb0 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=285884 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2b04 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xdb0 Target Process ID: 0x4 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285991 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf6c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:52:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285990 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0xf6c Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:52:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285989 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0xf6c Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;OICI;FA;;;BA) ReadAttributes: Granted by D:(A;OICI;FA;;;BA) Access Mask: 0x120080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:52:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285988 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf98 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:52:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=285987 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0xf6c Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf98 Target Process ID: 0x4 09/14/2021 02:52:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54427 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54427 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:52:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285984 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x28cc Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:52:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285983 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1e08 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:52:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285982 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x1e08 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:52:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285981 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x1e08 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL Access Reasons: READ_CONTROL: Granted by Ownership Access Mask: 0x20000 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:52:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285980 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf5c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:52:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=285979 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1e08 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf5c Target Process ID: 0x4 09/14/2021 02:52:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285978 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x28cc Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:52:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285977 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x28cc Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICI;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:52:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285976 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf5c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:52:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=285975 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x28cc Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf5c Target Process ID: 0x4 09/14/2021 02:52:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285974 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x28cc Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:52:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285973 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1e08 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:52:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285972 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x1e08 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:52:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285971 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x1e08 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL Access Reasons: READ_CONTROL: Granted by Ownership Access Mask: 0x20000 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:52:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285970 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf5c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:52:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=285969 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1e08 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf5c Target Process ID: 0x4 09/14/2021 02:52:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285968 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x28cc Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:52:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285967 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x28cc Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership ReadAttributes: Granted by D:(A;OICI;FA;;;BA) Access Mask: 0x20080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:52:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=285966 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf5c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:52:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=285965 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x28cc Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf5c Target Process ID: 0x4 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=285992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Other Object Access Events OpCode=Info RecordNumber=286279 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Handle ID: 0x15177859f90 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Other Object Access Events OpCode=Info RecordNumber=286278 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Handle ID: 0x15177859ac0 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Other Object Access Events OpCode=Info RecordNumber=286277 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Handle ID: 0x1517785d950 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4661 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=SAM OpCode=Info RecordNumber=286276 Keywords=Audit Success Message=A handle to an object was requested. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Object Type: SAM_USER Object Name: ATTACKRANGE\Administrator Handle ID: 0x1517785d950 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadGeneralInformation ReadPreferences WritePreferences ReadLogon ReadAccount WriteAccount SetPassword (without knowledge of old password) ListGroups Access Reasons: - Access Mask: 0xF01BF Privileges Used for Access Check: - Properties: --- {bf967aba-0de6-11d0-a285-00aa003049e2} DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadGeneralInformation ReadPreferences WritePreferences ReadLogon ReadAccount WriteAccount SetPassword (without knowledge of old password) ListGroups {59ba2f42-79a2-11d0-9020-00c04fc2d3cf} {bf967938-0de6-11d0-a285-00aa003049e2} {5fd42471-1262-11d0-a060-00aa006c33ed} {bf9679e8-0de6-11d0-a285-00aa003049e2} {bf967a00-0de6-11d0-a285-00aa003049e2} {3e0abfd0-126a-11d0-a060-00aa006c33ed} {bf967a6a-0de6-11d0-a285-00aa003049e2} {bf967953-0de6-11d0-a285-00aa003049e2} {4c164200-20c0-11d0-a768-00aa006e0529} {bf967915-0de6-11d0-a285-00aa003049e2} {bf967a0a-0de6-11d0-a285-00aa003049e2} {bf967a68-0de6-11d0-a285-00aa003049e2} {bf967a6d-0de6-11d0-a285-00aa003049e2} {5f202010-79a5-11d0-9020-00c04fc2d4cf} {bf96792e-0de6-11d0-a285-00aa003049e2} {bf967985-0de6-11d0-a285-00aa003049e2} {bf967986-0de6-11d0-a285-00aa003049e2} {bf967996-0de6-11d0-a285-00aa003049e2} {bf967997-0de6-11d0-a285-00aa003049e2} {bf9679aa-0de6-11d0-a285-00aa003049e2} {bf9679ab-0de6-11d0-a285-00aa003049e2} {bf9679ac-0de6-11d0-a285-00aa003049e2} {bf967a05-0de6-11d0-a285-00aa003049e2} {bf9679a8-0de6-11d0-a285-00aa003049e2} {e48d0154-bcf8-11d1-8702-00c04fb96050} {bf967950-0de6-11d0-a285-00aa003049e2} {bc0ac240-79a9-11d0-9020-00c04fc2d4cf} {bf967991-0de6-11d0-a285-00aa003049e2} {ab721a53-1e2f-11d0-9819-00aa0040529b} {00299570-246d-11d0-a768-00aa006e0529} {7ed84960-ad10-11d0-8a92-00aa006e0529} Restricted SID Count: 0 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4661 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=SAM OpCode=Info RecordNumber=286275 Keywords=Audit Success Message=A handle to an object was requested. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Object Type: SAM_DOMAIN Object Name: CN=Builtin,DC=attackrange,DC=local Handle ID: 0x15177859f90 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadPasswordParameters WritePasswordParameters ReadOtherParameters WriteOtherParameters CreateUser CreateGlobalGroup CreateLocalGroup GetLocalGroupMembership ListAccounts Access Reasons: - Access Mask: 0xF01FF Privileges Used for Access Check: - Properties: --- {19195a5a-6da0-11d0-afd3-00c04fd930c9} DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadPasswordParameters WritePasswordParameters ReadOtherParameters WriteOtherParameters CreateUser CreateGlobalGroup CreateLocalGroup GetLocalGroupMembership ListAccounts {c7407360-20bf-11d0-a768-00aa006e0529} {bf9679a4-0de6-11d0-a285-00aa003049e2} {bf9679a5-0de6-11d0-a285-00aa003049e2} {bf9679a6-0de6-11d0-a285-00aa003049e2} {bf9679bb-0de6-11d0-a285-00aa003049e2} {bf9679c2-0de6-11d0-a285-00aa003049e2} {bf9679c3-0de6-11d0-a285-00aa003049e2} {bf967a09-0de6-11d0-a285-00aa003049e2} {bf967a0b-0de6-11d0-a285-00aa003049e2} {b8119fd0-04f6-4762-ab7a-4986c76b3f9a} {bf967a34-0de6-11d0-a285-00aa003049e2} {bf967a33-0de6-11d0-a285-00aa003049e2} {bf9679c5-0de6-11d0-a285-00aa003049e2} {bf967a61-0de6-11d0-a285-00aa003049e2} {bf967977-0de6-11d0-a285-00aa003049e2} {bf96795e-0de6-11d0-a285-00aa003049e2} {bf9679ea-0de6-11d0-a285-00aa003049e2} {ab721a52-1e2f-11d0-9819-00aa0040529b} Restricted SID Count: 0 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4661 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=SAM OpCode=Info RecordNumber=286274 Keywords=Audit Success Message=A handle to an object was requested. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Object Type: SAM_DOMAIN Object Name: DC=attackrange,DC=local Handle ID: 0x15177859ac0 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadPasswordParameters WritePasswordParameters ReadOtherParameters WriteOtherParameters CreateUser CreateGlobalGroup CreateLocalGroup GetLocalGroupMembership ListAccounts Access Reasons: - Access Mask: 0xF01FF Privileges Used for Access Check: - Properties: --- {19195a5a-6da0-11d0-afd3-00c04fd930c9} DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadPasswordParameters WritePasswordParameters ReadOtherParameters WriteOtherParameters CreateUser CreateGlobalGroup CreateLocalGroup GetLocalGroupMembership ListAccounts {c7407360-20bf-11d0-a768-00aa006e0529} {bf9679a4-0de6-11d0-a285-00aa003049e2} {bf9679a5-0de6-11d0-a285-00aa003049e2} {bf9679a6-0de6-11d0-a285-00aa003049e2} {bf9679bb-0de6-11d0-a285-00aa003049e2} {bf9679c2-0de6-11d0-a285-00aa003049e2} {bf9679c3-0de6-11d0-a285-00aa003049e2} {bf967a09-0de6-11d0-a285-00aa003049e2} {bf967a0b-0de6-11d0-a285-00aa003049e2} {b8119fd0-04f6-4762-ab7a-4986c76b3f9a} {bf967a34-0de6-11d0-a285-00aa003049e2} {bf967a33-0de6-11d0-a285-00aa003049e2} {bf9679c5-0de6-11d0-a285-00aa003049e2} {bf967a61-0de6-11d0-a285-00aa003049e2} {bf967977-0de6-11d0-a285-00aa003049e2} {bf96795e-0de6-11d0-a285-00aa003049e2} {bf9679ea-0de6-11d0-a285-00aa003049e2} {ab721a52-1e2f-11d0-9819-00aa0040529b} Restricted SID Count: 0 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54430 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 49666 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54430 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 49666 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Source Address: :: Source Port: 54430 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 908 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54429 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 135 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54429 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 135 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Source Address: :: Source Port: 54429 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54428 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54428 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Other Object Access Events OpCode=Info RecordNumber=286685 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Handle ID: 0x1517785a460 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Other Object Access Events OpCode=Info RecordNumber=286684 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Handle ID: 0x1517785e7c0 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Other Object Access Events OpCode=Info RecordNumber=286683 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Handle ID: 0x15177857de0 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4661 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=SAM OpCode=Info RecordNumber=286682 Keywords=Audit Success Message=A handle to an object was requested. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Object Type: SAM_USER Object Name: ATTACKRANGE\Administrator Handle ID: 0x15177857de0 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadGeneralInformation ReadPreferences WritePreferences ReadLogon ReadAccount WriteAccount SetPassword (without knowledge of old password) ListGroups Access Reasons: - Access Mask: 0xF01BF Privileges Used for Access Check: - Properties: --- {bf967aba-0de6-11d0-a285-00aa003049e2} DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadGeneralInformation ReadPreferences WritePreferences ReadLogon ReadAccount WriteAccount SetPassword (without knowledge of old password) ListGroups {59ba2f42-79a2-11d0-9020-00c04fc2d3cf} {bf967938-0de6-11d0-a285-00aa003049e2} {5fd42471-1262-11d0-a060-00aa006c33ed} {bf9679e8-0de6-11d0-a285-00aa003049e2} {bf967a00-0de6-11d0-a285-00aa003049e2} {3e0abfd0-126a-11d0-a060-00aa006c33ed} {bf967a6a-0de6-11d0-a285-00aa003049e2} {bf967953-0de6-11d0-a285-00aa003049e2} {4c164200-20c0-11d0-a768-00aa006e0529} {bf967915-0de6-11d0-a285-00aa003049e2} {bf967a0a-0de6-11d0-a285-00aa003049e2} {bf967a68-0de6-11d0-a285-00aa003049e2} {bf967a6d-0de6-11d0-a285-00aa003049e2} {5f202010-79a5-11d0-9020-00c04fc2d4cf} {bf96792e-0de6-11d0-a285-00aa003049e2} {bf967985-0de6-11d0-a285-00aa003049e2} {bf967986-0de6-11d0-a285-00aa003049e2} {bf967996-0de6-11d0-a285-00aa003049e2} {bf967997-0de6-11d0-a285-00aa003049e2} {bf9679aa-0de6-11d0-a285-00aa003049e2} {bf9679ab-0de6-11d0-a285-00aa003049e2} {bf9679ac-0de6-11d0-a285-00aa003049e2} {bf967a05-0de6-11d0-a285-00aa003049e2} {bf9679a8-0de6-11d0-a285-00aa003049e2} {e48d0154-bcf8-11d1-8702-00c04fb96050} {bf967950-0de6-11d0-a285-00aa003049e2} {bc0ac240-79a9-11d0-9020-00c04fc2d4cf} {bf967991-0de6-11d0-a285-00aa003049e2} {ab721a53-1e2f-11d0-9819-00aa0040529b} {00299570-246d-11d0-a768-00aa006e0529} {7ed84960-ad10-11d0-8a92-00aa006e0529} Restricted SID Count: 0 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4661 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=SAM OpCode=Info RecordNumber=286681 Keywords=Audit Success Message=A handle to an object was requested. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Object Type: SAM_DOMAIN Object Name: CN=Builtin,DC=attackrange,DC=local Handle ID: 0x1517785a460 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadPasswordParameters WritePasswordParameters ReadOtherParameters WriteOtherParameters CreateUser CreateGlobalGroup CreateLocalGroup GetLocalGroupMembership ListAccounts Access Reasons: - Access Mask: 0xF01FF Privileges Used for Access Check: - Properties: --- {19195a5a-6da0-11d0-afd3-00c04fd930c9} DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadPasswordParameters WritePasswordParameters ReadOtherParameters WriteOtherParameters CreateUser CreateGlobalGroup CreateLocalGroup GetLocalGroupMembership ListAccounts {c7407360-20bf-11d0-a768-00aa006e0529} {bf9679a4-0de6-11d0-a285-00aa003049e2} {bf9679a5-0de6-11d0-a285-00aa003049e2} {bf9679a6-0de6-11d0-a285-00aa003049e2} {bf9679bb-0de6-11d0-a285-00aa003049e2} {bf9679c2-0de6-11d0-a285-00aa003049e2} {bf9679c3-0de6-11d0-a285-00aa003049e2} {bf967a09-0de6-11d0-a285-00aa003049e2} {bf967a0b-0de6-11d0-a285-00aa003049e2} {b8119fd0-04f6-4762-ab7a-4986c76b3f9a} {bf967a34-0de6-11d0-a285-00aa003049e2} {bf967a33-0de6-11d0-a285-00aa003049e2} {bf9679c5-0de6-11d0-a285-00aa003049e2} {bf967a61-0de6-11d0-a285-00aa003049e2} {bf967977-0de6-11d0-a285-00aa003049e2} {bf96795e-0de6-11d0-a285-00aa003049e2} {bf9679ea-0de6-11d0-a285-00aa003049e2} {ab721a52-1e2f-11d0-9819-00aa0040529b} Restricted SID Count: 0 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4661 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=SAM OpCode=Info RecordNumber=286680 Keywords=Audit Success Message=A handle to an object was requested. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Object Type: SAM_DOMAIN Object Name: DC=attackrange,DC=local Handle ID: 0x1517785e7c0 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadPasswordParameters WritePasswordParameters ReadOtherParameters WriteOtherParameters CreateUser CreateGlobalGroup CreateLocalGroup GetLocalGroupMembership ListAccounts Access Reasons: - Access Mask: 0xF01FF Privileges Used for Access Check: - Properties: --- {19195a5a-6da0-11d0-afd3-00c04fd930c9} DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadPasswordParameters WritePasswordParameters ReadOtherParameters WriteOtherParameters CreateUser CreateGlobalGroup CreateLocalGroup GetLocalGroupMembership ListAccounts {c7407360-20bf-11d0-a768-00aa006e0529} {bf9679a4-0de6-11d0-a285-00aa003049e2} {bf9679a5-0de6-11d0-a285-00aa003049e2} {bf9679a6-0de6-11d0-a285-00aa003049e2} {bf9679bb-0de6-11d0-a285-00aa003049e2} {bf9679c2-0de6-11d0-a285-00aa003049e2} {bf9679c3-0de6-11d0-a285-00aa003049e2} {bf967a09-0de6-11d0-a285-00aa003049e2} {bf967a0b-0de6-11d0-a285-00aa003049e2} {b8119fd0-04f6-4762-ab7a-4986c76b3f9a} {bf967a34-0de6-11d0-a285-00aa003049e2} {bf967a33-0de6-11d0-a285-00aa003049e2} {bf9679c5-0de6-11d0-a285-00aa003049e2} {bf967a61-0de6-11d0-a285-00aa003049e2} {bf967977-0de6-11d0-a285-00aa003049e2} {bf96795e-0de6-11d0-a285-00aa003049e2} {bf9679ea-0de6-11d0-a285-00aa003049e2} {ab721a52-1e2f-11d0-9819-00aa0040529b} Restricted SID Count: 0 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54431 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54431 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=286936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5152 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Packet Drop OpCode=Info RecordNumber=287147 Keywords=Audit Failure Message=The Windows Filtering Platform has blocked a packet. Application Information: Process ID: 0 Application Name: - Network Information: Direction: Inbound Source Address: 10.0.1.12 Source Port: 8089 Destination Address: 10.0.1.14 Destination Port: 54424 Protocol: 6 Filter Information: Filter Run-Time ID: 69431 Layer Name: Transport Layer Run-Time ID: 13 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54432 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54432 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=287235 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Network Information: Object Type: File Source Address: ::1 Source Port: 54433 Share Information: Share Name: \\*\C$ Share Path: \??\C:\ Relative Target Name: Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable Access Request Information: Access Mask: 0x100081 Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Check Results: - 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=287234 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Network Information: Object Type: File Source Address: ::1 Source Port: 54433 Share Information: Share Name: \\*\C$ Share Path: \??\C:\ Relative Target Name: \ Access Request Information: Access Mask: 0x100080 Accesses: SYNCHRONIZE ReadAttributes Access Check Results: - 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=287233 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Network Information: Object Type: File Source Address: ::1 Source Port: 54433 Share Information: Share Name: \\*\C$ Share Path: \??\C:\ Relative Target Name: \ Access Request Information: Access Mask: 0x100080 Accesses: SYNCHRONIZE ReadAttributes Access Check Results: - 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=287232 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Network Information: Object Type: File Source Address: ::1 Source Port: 54433 Share Information: Share Name: \\*\C$ Share Path: \??\C:\ Relative Target Name: \ Access Request Information: Access Mask: 0x100080 Accesses: SYNCHRONIZE ReadAttributes Access Check Results: - 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=287231 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Network Information: Object Type: File Source Address: ::1 Source Port: 54433 Share Information: Share Name: \\*\C$ Share Path: \??\C:\ Relative Target Name: \ Access Request Information: Access Mask: 0x100080 Accesses: SYNCHRONIZE ReadAttributes Access Check Results: - 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=287230 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Network Information: Object Type: File Source Address: ::1 Source Port: 54433 Share Information: Share Name: \\*\C$ Share Path: \??\C:\ Relative Target Name: Users Access Request Information: Access Mask: 0x100080 Accesses: SYNCHRONIZE ReadAttributes Access Check Results: - 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=287229 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Network Information: Object Type: File Source Address: ::1 Source Port: 54433 Share Information: Share Name: \\*\C$ Share Path: \??\C:\ Relative Target Name: Users Access Request Information: Access Mask: 0x100080 Accesses: SYNCHRONIZE ReadAttributes Access Check Results: - 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=287228 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Network Information: Object Type: File Source Address: ::1 Source Port: 54433 Share Information: Share Name: \\*\C$ Share Path: \??\C:\ Relative Target Name: Users Access Request Information: Access Mask: 0x100080 Accesses: SYNCHRONIZE ReadAttributes Access Check Results: - 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=287227 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Network Information: Object Type: File Source Address: ::1 Source Port: 54433 Share Information: Share Name: \\*\C$ Share Path: \??\C:\ Relative Target Name: Users Access Request Information: Access Mask: 0x100080 Accesses: SYNCHRONIZE ReadAttributes Access Check Results: - 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=287226 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Network Information: Object Type: File Source Address: ::1 Source Port: 54433 Share Information: Share Name: \\*\C$ Share Path: \??\C:\ Relative Target Name: Users\Administrator Access Request Information: Access Mask: 0x100080 Accesses: SYNCHRONIZE ReadAttributes Access Check Results: - 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=287225 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Network Information: Object Type: File Source Address: ::1 Source Port: 54433 Share Information: Share Name: \\*\C$ Share Path: \??\C:\ Relative Target Name: Users\Administrator Access Request Information: Access Mask: 0x100080 Accesses: SYNCHRONIZE ReadAttributes Access Check Results: - 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=287224 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Network Information: Object Type: File Source Address: ::1 Source Port: 54433 Share Information: Share Name: \\*\C$ Share Path: \??\C:\ Relative Target Name: Users\Administrator Access Request Information: Access Mask: 0x100080 Accesses: SYNCHRONIZE ReadAttributes Access Check Results: - 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=287223 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Network Information: Object Type: File Source Address: ::1 Source Port: 54433 Share Information: Share Name: \\*\C$ Share Path: \??\C:\ Relative Target Name: Users\Administrator Access Request Information: Access Mask: 0x100080 Accesses: SYNCHRONIZE ReadAttributes Access Check Results: - 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=287222 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Network Information: Object Type: File Source Address: ::1 Source Port: 54433 Share Information: Share Name: \\*\C$ Share Path: \??\C:\ Relative Target Name: Users\Administrator\Downloads Access Request Information: Access Mask: 0x100080 Accesses: SYNCHRONIZE ReadAttributes Access Check Results: - 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=287221 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Network Information: Object Type: File Source Address: ::1 Source Port: 54433 Share Information: Share Name: \\*\C$ Share Path: \??\C:\ Relative Target Name: Users\Administrator\Downloads Access Request Information: Access Mask: 0x100080 Accesses: SYNCHRONIZE ReadAttributes Access Check Results: - 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=287220 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Network Information: Object Type: File Source Address: ::1 Source Port: 54433 Share Information: Share Name: \\*\C$ Share Path: \??\C:\ Relative Target Name: Users\Administrator\Downloads Access Request Information: Access Mask: 0x100080 Accesses: SYNCHRONIZE ReadAttributes Access Check Results: - 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=287219 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Network Information: Object Type: File Source Address: ::1 Source Port: 54433 Share Information: Share Name: \\*\C$ Share Path: \??\C:\ Relative Target Name: Users\Administrator\Downloads Access Request Information: Access Mask: 0x100080 Accesses: SYNCHRONIZE ReadAttributes Access Check Results: - 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=287218 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Network Information: Object Type: File Source Address: ::1 Source Port: 54433 Share Information: Share Name: \\*\C$ Share Path: \??\C:\ Relative Target Name: Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable Access Request Information: Access Mask: 0x100080 Accesses: SYNCHRONIZE ReadAttributes Access Check Results: - 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=287217 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Network Information: Object Type: File Source Address: ::1 Source Port: 54433 Share Information: Share Name: \\*\C$ Share Path: \??\C:\ Relative Target Name: Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable Access Request Information: Access Mask: 0x100080 Accesses: SYNCHRONIZE ReadAttributes Access Check Results: - 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=287216 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Network Information: Object Type: File Source Address: ::1 Source Port: 54433 Share Information: Share Name: \\*\C$ Share Path: \??\C:\ Relative Target Name: Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable Access Request Information: Access Mask: 0x100080 Accesses: SYNCHRONIZE ReadAttributes Access Check Results: - 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=287215 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Network Information: Object Type: File Source Address: ::1 Source Port: 54433 Share Information: Share Name: \\*\C$ Share Path: \??\C:\ Relative Target Name: Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable Access Request Information: Access Mask: 0x100080 Accesses: SYNCHRONIZE ReadAttributes Access Check Results: - 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=287214 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Network Information: Object Type: File Source Address: ::1 Source Port: 54433 Share Information: Share Name: \\*\C$ Share Path: \??\C:\ Relative Target Name: Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable Access Request Information: Access Mask: 0x100081 Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Check Results: - 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5140 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File Share OpCode=Info RecordNumber=287213 Keywords=Audit Success Message=A network share object was accessed. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Network Information: Object Type: File Source Address: ::1 Source Port: 54433 Share Information: Share Name: \\*\C$ Share Path: \??\C:\ Access Request Information: Access Mask: 0x1 Accesses: ReadData (or ListDirectory) 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54435 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2360 Application Name: \device\harddiskvolume1\windows\system32\dfssvc.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54435 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2360 Application Name: \device\harddiskvolume1\windows\system32\dfssvc.exe Network Information: Source Address: :: Source Port: 54435 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54434 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2360 Application Name: \device\harddiskvolume1\windows\system32\dfssvc.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54434 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2360 Application Name: \device\harddiskvolume1\windows\system32\dfssvc.exe Network Information: Source Address: :: Source Port: 54434 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2360 Application Name: \device\harddiskvolume1\windows\system32\dfssvc.exe Network Information: Source Address: 127.0.0.1 Source Port: 65101 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5140 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File Share OpCode=Info RecordNumber=287205 Keywords=Audit Success Message=A network share object was accessed. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Network Information: Object Type: File Source Address: ::1 Source Port: 54433 Share Information: Share Name: \\*\IPC$ Share Path: Access Request Information: Access Mask: 0x1 Accesses: ReadData (or ListDirectory) 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Inbound Source Address: ::1 Source Port: 54433 Destination Address: ::1 Destination Port: 445 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Outbound Source Address: ::1 Source Port: 54433 Destination Address: ::1 Destination Port: 445 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:52:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 4 Application Name: System Network Information: Source Address: :: Source Port: 54433 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:52:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54436 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54436 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287630 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x938 Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287629 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x938 Resource Attributes: S:AI Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287628 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x938 Resource Attributes: - Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICI;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;OICI;FA;;;BA) ReadAttributes: Granted by D:(A;OICI;FA;;;BA) Access Mask: 0x100081 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287627 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xe64 Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=287626 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x938 Source Process ID: 0xc14 New Handle Information: Target Handle ID: 0xe64 Target Process ID: 0x4 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Other Object Access Events OpCode=Info RecordNumber=287625 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Handle ID: 0x1517785b2d0 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Other Object Access Events OpCode=Info RecordNumber=287624 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Handle ID: 0x1517785c140 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Other Object Access Events OpCode=Info RecordNumber=287623 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Handle ID: 0x1517785bc70 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4661 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=SAM OpCode=Info RecordNumber=287622 Keywords=Audit Success Message=A handle to an object was requested. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Object Type: SAM_USER Object Name: ATTACKRANGE\Administrator Handle ID: 0x1517785bc70 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadGeneralInformation ReadPreferences WritePreferences ReadLogon ReadAccount WriteAccount SetPassword (without knowledge of old password) ListGroups Access Reasons: - Access Mask: 0xF01BF Privileges Used for Access Check: - Properties: --- {bf967aba-0de6-11d0-a285-00aa003049e2} DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadGeneralInformation ReadPreferences WritePreferences ReadLogon ReadAccount WriteAccount SetPassword (without knowledge of old password) ListGroups {59ba2f42-79a2-11d0-9020-00c04fc2d3cf} {bf967938-0de6-11d0-a285-00aa003049e2} {5fd42471-1262-11d0-a060-00aa006c33ed} {bf9679e8-0de6-11d0-a285-00aa003049e2} {bf967a00-0de6-11d0-a285-00aa003049e2} {3e0abfd0-126a-11d0-a060-00aa006c33ed} {bf967a6a-0de6-11d0-a285-00aa003049e2} {bf967953-0de6-11d0-a285-00aa003049e2} {4c164200-20c0-11d0-a768-00aa006e0529} {bf967915-0de6-11d0-a285-00aa003049e2} {bf967a0a-0de6-11d0-a285-00aa003049e2} {bf967a68-0de6-11d0-a285-00aa003049e2} {bf967a6d-0de6-11d0-a285-00aa003049e2} {5f202010-79a5-11d0-9020-00c04fc2d4cf} {bf96792e-0de6-11d0-a285-00aa003049e2} {bf967985-0de6-11d0-a285-00aa003049e2} {bf967986-0de6-11d0-a285-00aa003049e2} {bf967996-0de6-11d0-a285-00aa003049e2} {bf967997-0de6-11d0-a285-00aa003049e2} {bf9679aa-0de6-11d0-a285-00aa003049e2} {bf9679ab-0de6-11d0-a285-00aa003049e2} {bf9679ac-0de6-11d0-a285-00aa003049e2} {bf967a05-0de6-11d0-a285-00aa003049e2} {bf9679a8-0de6-11d0-a285-00aa003049e2} {e48d0154-bcf8-11d1-8702-00c04fb96050} {bf967950-0de6-11d0-a285-00aa003049e2} {bc0ac240-79a9-11d0-9020-00c04fc2d4cf} {bf967991-0de6-11d0-a285-00aa003049e2} {ab721a53-1e2f-11d0-9819-00aa0040529b} {00299570-246d-11d0-a768-00aa006e0529} {7ed84960-ad10-11d0-8a92-00aa006e0529} Restricted SID Count: 0 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4661 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=SAM OpCode=Info RecordNumber=287621 Keywords=Audit Success Message=A handle to an object was requested. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Object Type: SAM_DOMAIN Object Name: CN=Builtin,DC=attackrange,DC=local Handle ID: 0x1517785b2d0 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadPasswordParameters WritePasswordParameters ReadOtherParameters WriteOtherParameters CreateUser CreateGlobalGroup CreateLocalGroup GetLocalGroupMembership ListAccounts Access Reasons: - Access Mask: 0xF01FF Privileges Used for Access Check: - Properties: --- {19195a5a-6da0-11d0-afd3-00c04fd930c9} DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadPasswordParameters WritePasswordParameters ReadOtherParameters WriteOtherParameters CreateUser CreateGlobalGroup CreateLocalGroup GetLocalGroupMembership ListAccounts {c7407360-20bf-11d0-a768-00aa006e0529} {bf9679a4-0de6-11d0-a285-00aa003049e2} {bf9679a5-0de6-11d0-a285-00aa003049e2} {bf9679a6-0de6-11d0-a285-00aa003049e2} {bf9679bb-0de6-11d0-a285-00aa003049e2} {bf9679c2-0de6-11d0-a285-00aa003049e2} {bf9679c3-0de6-11d0-a285-00aa003049e2} {bf967a09-0de6-11d0-a285-00aa003049e2} {bf967a0b-0de6-11d0-a285-00aa003049e2} {b8119fd0-04f6-4762-ab7a-4986c76b3f9a} {bf967a34-0de6-11d0-a285-00aa003049e2} {bf967a33-0de6-11d0-a285-00aa003049e2} {bf9679c5-0de6-11d0-a285-00aa003049e2} {bf967a61-0de6-11d0-a285-00aa003049e2} {bf967977-0de6-11d0-a285-00aa003049e2} {bf96795e-0de6-11d0-a285-00aa003049e2} {bf9679ea-0de6-11d0-a285-00aa003049e2} {ab721a52-1e2f-11d0-9819-00aa0040529b} Restricted SID Count: 0 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4661 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=SAM OpCode=Info RecordNumber=287620 Keywords=Audit Success Message=A handle to an object was requested. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Object Type: SAM_DOMAIN Object Name: DC=attackrange,DC=local Handle ID: 0x1517785c140 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadPasswordParameters WritePasswordParameters ReadOtherParameters WriteOtherParameters CreateUser CreateGlobalGroup CreateLocalGroup GetLocalGroupMembership ListAccounts Access Reasons: - Access Mask: 0xF01FF Privileges Used for Access Check: - Properties: --- {19195a5a-6da0-11d0-afd3-00c04fd930c9} DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadPasswordParameters WritePasswordParameters ReadOtherParameters WriteOtherParameters CreateUser CreateGlobalGroup CreateLocalGroup GetLocalGroupMembership ListAccounts {c7407360-20bf-11d0-a768-00aa006e0529} {bf9679a4-0de6-11d0-a285-00aa003049e2} {bf9679a5-0de6-11d0-a285-00aa003049e2} {bf9679a6-0de6-11d0-a285-00aa003049e2} {bf9679bb-0de6-11d0-a285-00aa003049e2} {bf9679c2-0de6-11d0-a285-00aa003049e2} {bf9679c3-0de6-11d0-a285-00aa003049e2} {bf967a09-0de6-11d0-a285-00aa003049e2} {bf967a0b-0de6-11d0-a285-00aa003049e2} {b8119fd0-04f6-4762-ab7a-4986c76b3f9a} {bf967a34-0de6-11d0-a285-00aa003049e2} {bf967a33-0de6-11d0-a285-00aa003049e2} {bf9679c5-0de6-11d0-a285-00aa003049e2} {bf967a61-0de6-11d0-a285-00aa003049e2} {bf967977-0de6-11d0-a285-00aa003049e2} {bf96795e-0de6-11d0-a285-00aa003049e2} {bf9679ea-0de6-11d0-a285-00aa003049e2} {ab721a52-1e2f-11d0-9819-00aa0040529b} Restricted SID Count: 0 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Other Object Access Events OpCode=Info RecordNumber=287722 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Handle ID: 0x1517785d950 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Other Object Access Events OpCode=Info RecordNumber=287721 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Handle ID: 0x15177859ac0 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Other Object Access Events OpCode=Info RecordNumber=287720 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Handle ID: 0x15177859120 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4661 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=SAM OpCode=Info RecordNumber=287719 Keywords=Audit Success Message=A handle to an object was requested. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Object Type: SAM_USER Object Name: ATTACKRANGE\Administrator Handle ID: 0x15177859120 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadGeneralInformation ReadPreferences WritePreferences ReadLogon ReadAccount WriteAccount SetPassword (without knowledge of old password) ListGroups Access Reasons: - Access Mask: 0xF01BF Privileges Used for Access Check: - Properties: --- {bf967aba-0de6-11d0-a285-00aa003049e2} DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadGeneralInformation ReadPreferences WritePreferences ReadLogon ReadAccount WriteAccount SetPassword (without knowledge of old password) ListGroups {59ba2f42-79a2-11d0-9020-00c04fc2d3cf} {bf967938-0de6-11d0-a285-00aa003049e2} {5fd42471-1262-11d0-a060-00aa006c33ed} {bf9679e8-0de6-11d0-a285-00aa003049e2} {bf967a00-0de6-11d0-a285-00aa003049e2} {3e0abfd0-126a-11d0-a060-00aa006c33ed} {bf967a6a-0de6-11d0-a285-00aa003049e2} {bf967953-0de6-11d0-a285-00aa003049e2} {4c164200-20c0-11d0-a768-00aa006e0529} {bf967915-0de6-11d0-a285-00aa003049e2} {bf967a0a-0de6-11d0-a285-00aa003049e2} {bf967a68-0de6-11d0-a285-00aa003049e2} {bf967a6d-0de6-11d0-a285-00aa003049e2} {5f202010-79a5-11d0-9020-00c04fc2d4cf} {bf96792e-0de6-11d0-a285-00aa003049e2} {bf967985-0de6-11d0-a285-00aa003049e2} {bf967986-0de6-11d0-a285-00aa003049e2} {bf967996-0de6-11d0-a285-00aa003049e2} {bf967997-0de6-11d0-a285-00aa003049e2} {bf9679aa-0de6-11d0-a285-00aa003049e2} {bf9679ab-0de6-11d0-a285-00aa003049e2} {bf9679ac-0de6-11d0-a285-00aa003049e2} {bf967a05-0de6-11d0-a285-00aa003049e2} {bf9679a8-0de6-11d0-a285-00aa003049e2} {e48d0154-bcf8-11d1-8702-00c04fb96050} {bf967950-0de6-11d0-a285-00aa003049e2} {bc0ac240-79a9-11d0-9020-00c04fc2d4cf} {bf967991-0de6-11d0-a285-00aa003049e2} {ab721a53-1e2f-11d0-9819-00aa0040529b} {00299570-246d-11d0-a768-00aa006e0529} {7ed84960-ad10-11d0-8a92-00aa006e0529} Restricted SID Count: 0 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4661 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=SAM OpCode=Info RecordNumber=287718 Keywords=Audit Success Message=A handle to an object was requested. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Object Type: SAM_DOMAIN Object Name: CN=Builtin,DC=attackrange,DC=local Handle ID: 0x1517785d950 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadPasswordParameters WritePasswordParameters ReadOtherParameters WriteOtherParameters CreateUser CreateGlobalGroup CreateLocalGroup GetLocalGroupMembership ListAccounts Access Reasons: - Access Mask: 0xF01FF Privileges Used for Access Check: - Properties: --- {19195a5a-6da0-11d0-afd3-00c04fd930c9} DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadPasswordParameters WritePasswordParameters ReadOtherParameters WriteOtherParameters CreateUser CreateGlobalGroup CreateLocalGroup GetLocalGroupMembership ListAccounts {c7407360-20bf-11d0-a768-00aa006e0529} {bf9679a4-0de6-11d0-a285-00aa003049e2} {bf9679a5-0de6-11d0-a285-00aa003049e2} {bf9679a6-0de6-11d0-a285-00aa003049e2} {bf9679bb-0de6-11d0-a285-00aa003049e2} {bf9679c2-0de6-11d0-a285-00aa003049e2} {bf9679c3-0de6-11d0-a285-00aa003049e2} {bf967a09-0de6-11d0-a285-00aa003049e2} {bf967a0b-0de6-11d0-a285-00aa003049e2} {b8119fd0-04f6-4762-ab7a-4986c76b3f9a} {bf967a34-0de6-11d0-a285-00aa003049e2} {bf967a33-0de6-11d0-a285-00aa003049e2} {bf9679c5-0de6-11d0-a285-00aa003049e2} {bf967a61-0de6-11d0-a285-00aa003049e2} {bf967977-0de6-11d0-a285-00aa003049e2} {bf96795e-0de6-11d0-a285-00aa003049e2} {bf9679ea-0de6-11d0-a285-00aa003049e2} {ab721a52-1e2f-11d0-9819-00aa0040529b} Restricted SID Count: 0 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4661 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=SAM OpCode=Info RecordNumber=287717 Keywords=Audit Success Message=A handle to an object was requested. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Account Manager Object Type: SAM_DOMAIN Object Name: DC=attackrange,DC=local Handle ID: 0x15177859ac0 Process Information: Process ID: 0x27c Process Name: C:\Windows\System32\lsass.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadPasswordParameters WritePasswordParameters ReadOtherParameters WriteOtherParameters CreateUser CreateGlobalGroup CreateLocalGroup GetLocalGroupMembership ListAccounts Access Reasons: - Access Mask: 0xF01FF Privileges Used for Access Check: - Properties: --- {19195a5a-6da0-11d0-afd3-00c04fd930c9} DELETE READ_CONTROL WRITE_DAC WRITE_OWNER ReadPasswordParameters WritePasswordParameters ReadOtherParameters WriteOtherParameters CreateUser CreateGlobalGroup CreateLocalGroup GetLocalGroupMembership ListAccounts {c7407360-20bf-11d0-a768-00aa006e0529} {bf9679a4-0de6-11d0-a285-00aa003049e2} {bf9679a5-0de6-11d0-a285-00aa003049e2} {bf9679a6-0de6-11d0-a285-00aa003049e2} {bf9679bb-0de6-11d0-a285-00aa003049e2} {bf9679c2-0de6-11d0-a285-00aa003049e2} {bf9679c3-0de6-11d0-a285-00aa003049e2} {bf967a09-0de6-11d0-a285-00aa003049e2} {bf967a0b-0de6-11d0-a285-00aa003049e2} {b8119fd0-04f6-4762-ab7a-4986c76b3f9a} {bf967a34-0de6-11d0-a285-00aa003049e2} {bf967a33-0de6-11d0-a285-00aa003049e2} {bf9679c5-0de6-11d0-a285-00aa003049e2} {bf967a61-0de6-11d0-a285-00aa003049e2} {bf967977-0de6-11d0-a285-00aa003049e2} {bf96795e-0de6-11d0-a285-00aa003049e2} {bf9679ea-0de6-11d0-a285-00aa003049e2} {ab721a52-1e2f-11d0-9819-00aa0040529b} Restricted SID Count: 0 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287716 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x924 Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287715 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x924 Resource Attributes: S:AI Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287714 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x924 Resource Attributes: - Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICI;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;OICI;FA;;;BA) ReadAttributes: Granted by D:(A;OICI;FA;;;BA) Access Mask: 0x100081 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287713 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf7c Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=287712 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x924 Source Process ID: 0xc14 New Handle Information: Target Handle ID: 0xf7c Target Process ID: 0x4 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287711 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xa30 Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287710 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0xa30 Resource Attributes: S:AI Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287709 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0xa30 Resource Attributes: - Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICI;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;OICI;FA;;;BA) ReadAttributes: Granted by D:(A;OICI;FA;;;BA) Access Mask: 0x100081 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287708 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xa40 Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=287707 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0xa30 Source Process ID: 0xc14 New Handle Information: Target Handle ID: 0xa40 Target Process ID: 0x4 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287706 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x840 Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287705 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x840 Resource Attributes: S:AI Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287704 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x840 Resource Attributes: - Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICI;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;OICI;FA;;;BA) ReadAttributes: Granted by D:(A;OICI;FA;;;BA) Access Mask: 0x100081 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287703 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xe44 Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=287702 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x840 Source Process ID: 0xc14 New Handle Information: Target Handle ID: 0xe44 Target Process ID: 0x4 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287763 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xb9c Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287762 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\features\{0828ef7d-6c13-4997-8088-672d47959708} Handle ID: 0xb9c Resource Attributes: S:AI Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287761 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\features\{0828ef7d-6c13-4997-8088-672d47959708} Handle ID: 0xb9c Resource Attributes: - Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICI;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;OICI;FA;;;BA) ReadAttributes: Granted by D:(A;OICI;FA;;;BA) Access Mask: 0x100081 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287760 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf7c Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=287759 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0xb9c Source Process ID: 0xc14 New Handle Information: Target Handle ID: 0xf7c Target Process ID: 0x4 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287758 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xb9c Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287757 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\features Handle ID: 0xb9c Resource Attributes: S:AI Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287756 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\features Handle ID: 0xb9c Resource Attributes: - Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICI;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;OICI;FA;;;BA) ReadAttributes: Granted by D:(A;OICI;FA;;;BA) Access Mask: 0x100081 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287755 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf7c Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=287754 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0xb9c Source Process ID: 0xc14 New Handle Information: Target Handle ID: 0xf7c Target Process ID: 0x4 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:52:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=288012 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\cookies.sqlite-shm Handle ID: 0xba4 Resource Attributes: S:AI Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=288011 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\cookies.sqlite-shm Handle ID: 0xba4 Resource Attributes: - Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x12019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=288010 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xbd8 Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=288009 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0xba4 Source Process ID: 0xc14 New Handle Information: Target Handle ID: 0xbd8 Target Process ID: 0x4 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=288008 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\cookies.sqlite-wal Handle ID: 0xb98 Resource Attributes: - Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x12019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=288007 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xbd8 Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=288006 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0xb98 Source Process ID: 0xc14 New Handle Information: Target Handle ID: 0xbd8 Target Process ID: 0x4 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=288005 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\cookies.sqlite Handle ID: 0xa5c Resource Attributes: S:AI Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=288004 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\cookies.sqlite Handle ID: 0xa5c Resource Attributes: - Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x12019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=288003 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xbd8 Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=288002 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0xa5c Source Process ID: 0xc14 New Handle Information: Target Handle ID: 0xbd8 Target Process ID: 0x4 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=288001 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xa5c Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=288000 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xb98 Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287999 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xba4 Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287998 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\cookies.sqlite-shm Handle ID: 0xba4 Resource Attributes: S:AI Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287997 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\cookies.sqlite-shm Handle ID: 0xba4 Resource Attributes: - Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x12019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287996 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xbd8 Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=287995 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0xba4 Source Process ID: 0xc14 New Handle Information: Target Handle ID: 0xbd8 Target Process ID: 0x4 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287994 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\cookies.sqlite-wal Handle ID: 0xb98 Resource Attributes: - Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x12019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287993 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xbd8 Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=287992 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0xb98 Source Process ID: 0xc14 New Handle Information: Target Handle ID: 0xbd8 Target Process ID: 0x4 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287991 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\cookies.sqlite Handle ID: 0xa5c Resource Attributes: S:AI Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287990 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\cookies.sqlite Handle ID: 0xa5c Resource Attributes: - Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x120089 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287989 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xbd8 Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=287988 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0xa5c Source Process ID: 0xc14 New Handle Information: Target Handle ID: 0xbd8 Target Process ID: 0x4 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287987 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xa5c Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287986 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\cookies.sqlite Handle ID: 0xa5c Resource Attributes: S:AI Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287985 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\cookies.sqlite Handle ID: 0xa5c Resource Attributes: - Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x120089 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287984 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xbd8 Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=287983 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0xa5c Source Process ID: 0xc14 New Handle Information: Target Handle ID: 0xbd8 Target Process ID: 0x4 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=287965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287964 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x111c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287963 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x111c Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287962 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release Handle ID: 0x111c Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICI;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;OICI;FA;;;BA) ReadAttributes: Granted by D:(A;OICI;FA;;;BA) Access Mask: 0x100081 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287961 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xfc4 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=287960 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x111c Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xfc4 Target Process ID: 0x4 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287959 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xb2c Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287958 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\cookies.sqlite Handle ID: 0xb2c Resource Attributes: - Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x120089 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=287957 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf5c Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:53:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=287956 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0xb2c Source Process ID: 0xc14 New Handle Information: Target Handle ID: 0xf5c Target Process ID: 0x4 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54437 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54437 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54438 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54438 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54439 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54439 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275784 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xfa0 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275783 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xce4 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275786 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xa0c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275785 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xde8 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275788 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xc38 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:53:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275787 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x5e8 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:53:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54440 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54440 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:53:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275789 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3ac New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:53:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54441 Destination Address: 10.0.1.12 Destination Port: 8089 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54441 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4772 Application Name: \device\harddiskvolume1\program files\google\chrome\application\chrome.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 65102 Destination Address: 239.255.255.250 Destination Port: 1900 Protocol: 17 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 4772 Application Name: \device\harddiskvolume1\program files\google\chrome\application\chrome.exe Network Information: Source Address: 10.0.1.14 Source Port: 65102 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 54443 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2868 Application Name: \device\harddiskvolume1\windows\adws\microsoft.activedirectory.webservices.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 54443 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2868 Application Name: \device\harddiskvolume1\windows\adws\microsoft.activedirectory.webservices.exe Network Information: Source Address: :: Source Port: 54443 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54442 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54442 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:53:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=288993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54444 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54444 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=289098 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1008 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=289097 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x1008 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=289096 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc50 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=289095 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1008 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xc50 Target Process ID: 0x4 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=289094 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc50 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Registry OpCode=Info RecordNumber=289093 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: \Device\HarddiskVolume1\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xc50 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=289092 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1008 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=289091 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x1008 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=289090 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc50 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=289089 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1008 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xc50 Target Process ID: 0x4 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=289088 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc50 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Registry OpCode=Info RecordNumber=289087 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: \Device\HarddiskVolume1\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xc50 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=289086 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1008 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=289085 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x1008 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=289084 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc50 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=289083 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1008 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xc50 Target Process ID: 0x4 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=289082 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc50 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Registry OpCode=Info RecordNumber=289081 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: \Device\HarddiskVolume1\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xc50 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=289080 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1008 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=289079 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x1008 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=289078 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc50 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=289077 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1008 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xc50 Target Process ID: 0x4 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=289076 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc50 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Registry OpCode=Info RecordNumber=289075 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: \Device\HarddiskVolume1\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xc50 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=289074 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1008 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=289073 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x1008 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=289072 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc50 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=289071 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1008 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xc50 Target Process ID: 0x4 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=289070 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc50 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Registry OpCode=Info RecordNumber=289069 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: \Device\HarddiskVolume1\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xc50 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=289068 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1008 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=289067 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x1008 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=289066 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc50 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=289065 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1008 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xc50 Target Process ID: 0x4 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=289064 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xc50 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:53:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Registry OpCode=Info RecordNumber=289063 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: \Device\HarddiskVolume1\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xc50 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54445 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54445 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54446 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54446 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:53:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54447 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54447 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:53:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5152 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Packet Drop OpCode=Info RecordNumber=289603 Keywords=Audit Failure Message=The Windows Filtering Platform has blocked a packet. Application Information: Process ID: 0 Application Name: - Network Information: Direction: Inbound Source Address: 10.0.1.12 Source Port: 8089 Destination Address: 10.0.1.14 Destination Port: 54441 Protocol: 6 Filter Information: Filter Run-Time ID: 69431 Layer Name: Transport Layer Run-Time ID: 13 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54448 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54448 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:53:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=289673 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xa5c Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:53:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=289672 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xb98 Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:53:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=289671 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xba4 Process Information: Process ID: 0xc14 Process Name: C:\Users\Administrator\Downloads\SQLiteDatabaseBrowserPortable\App\SQLiteDatabaseBrowser64\DB Browser for SQLCipher.exe 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54449 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54449 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:53:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:54:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:54:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:54:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54450 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=289998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54450 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:54:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54451 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54451 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54452 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54452 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275791 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xab0 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:54:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275790 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x980 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275793 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xba4 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275792 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x208 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=290533 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2008 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=290532 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2008 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICIID;FA;;;BA) ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x100080 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=290531 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xbf0 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=290530 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2008 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xbf0 Target Process ID: 0x4 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=290528 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2234 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=290527 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2234 Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: ReadAttributes Access Mask: 0x80 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=290526 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x2234 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICIID;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;OICIID;FA;;;BA) ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x100081 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=290525 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf24 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=290524 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2234 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf24 Target Process ID: 0x4 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=290523 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x70c Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=290522 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x70c Resource Attributes: S:AI Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Accesses: ReadAttributes Access Mask: 0x80 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=290521 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Temp\protected Handle ID: 0x70c Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Access Reasons: SYNCHRONIZE: Granted by D:(A;OICIID;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;OICIID;FA;;;BA) ReadAttributes: Granted by D:(A;OICIID;FA;;;BA) Access Mask: 0x100081 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=290520 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf24 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=290519 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x70c Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xf24 Target Process ID: 0x4 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=290518 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x70c Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:54:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=290517 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x9d8 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275795 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x750 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:54:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275794 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xcc8 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:54:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275796 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xfc4 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:54:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54453 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54453 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54454 Destination Address: 10.0.1.12 Destination Port: 8089 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54454 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 54455 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2868 Application Name: \device\harddiskvolume1\windows\adws\microsoft.activedirectory.webservices.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 54455 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2868 Application Name: \device\harddiskvolume1\windows\adws\microsoft.activedirectory.webservices.exe Network Information: Source Address: :: Source Port: 54455 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2988 Application Name: \device\harddiskvolume1\temp\jssloader.exe Network Information: Source Address: 127.0.0.1 Source Port: 65103 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:54:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54456 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54456 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Kernel Object OpCode=Info RecordNumber=290921 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x264 Process Information: Process ID: 0x148c Process Name: C:\Windows\System32\wbem\WmiPrvSE.exe 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Kernel Object OpCode=Info RecordNumber=290920 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: Process Object Name: \Device\HarddiskVolume1\Windows\System32\lsass.exe Handle ID: 0x264 Resource Attributes: - Process Information: Process ID: 0x148c Process Name: C:\Windows\System32\wbem\WmiPrvSE.exe Access Request Information: Accesses: Read from process memory Access Mask: 0x10 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Kernel Object OpCode=Info RecordNumber=290919 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: Process Object Name: \Device\HarddiskVolume1\Windows\System32\lsass.exe Handle ID: 0x264 Resource Attributes: - Process Information: Process ID: 0x148c Process Name: C:\Windows\System32\wbem\WmiPrvSE.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: Read from process memory Query process information Undefined Access (no effect) Bit 12 Access Reasons: - Access Mask: 0x1410 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Kernel Object OpCode=Info RecordNumber=290918 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf5c Process Information: Process ID: 0x148c Process Name: C:\Windows\System32\wbem\WmiPrvSE.exe 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=290917 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x264 Source Process ID: 0x148c New Handle Information: Target Handle ID: 0xf5c Target Process ID: 0x4 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: 10.0.1.14 Source Port: 54457 Destination Address: 10.0.1.14 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65787 Layer Name: Receive/Accept Layer Run-Time ID: 44 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2988 Application Name: \device\harddiskvolume1\temp\jssloader.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54457 Destination Address: 10.0.1.14 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65789 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=290841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2988 Application Name: \device\harddiskvolume1\temp\jssloader.exe Network Information: Source Address: 0.0.0.0 Source Port: 54457 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 7820 Application Name: \device\harddiskvolume1\windows\system32\wbem\wmiprvse.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54458 Destination Address: 93.184.220.29 Destination Port: 80 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 7820 Application Name: \device\harddiskvolume1\windows\system32\wbem\wmiprvse.exe Network Information: Source Address: 0.0.0.0 Source Port: 54458 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 51111 Destination Address: 10.0.0.2 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 62355 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 62355 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 62355 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 62355 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Registry OpCode=Info RecordNumber=291256 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x3a0 Process Information: Process ID: 0x1e8c Process Name: C:\Windows\System32\wbem\WmiPrvSE.exe 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Registry OpCode=Info RecordNumber=291255 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates Handle ID: 0x3a0 Resource Attributes: - Process Information: Process ID: 0x1e8c Process Name: C:\Windows\System32\wbem\WmiPrvSE.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL Query key value Set key value Create sub-key Enumerate sub-keys Notify about changes to keys Access Reasons: - Access Mask: 0x3001F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Registry OpCode=Info RecordNumber=291254 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x700 Process Information: Process ID: 0x1e8c Process Name: C:\Windows\System32\wbem\WmiPrvSE.exe 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=291253 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x3a0 Source Process ID: 0x1e8c New Handle Information: Target Handle ID: 0x700 Target Process ID: 0x4 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Registry OpCode=Info RecordNumber=291252 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x39c Process Information: Process ID: 0x1e8c Process Name: C:\Windows\System32\wbem\WmiPrvSE.exe 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Registry OpCode=Info RecordNumber=291251 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates Handle ID: 0x39c Resource Attributes: - Process Information: Process ID: 0x1e8c Process Name: C:\Windows\System32\wbem\WmiPrvSE.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL Query key value Set key value Create sub-key Enumerate sub-keys Notify about changes to keys Access Reasons: - Access Mask: 0x3001F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Registry OpCode=Info RecordNumber=291250 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x700 Process Information: Process ID: 0x1e8c Process Name: C:\Windows\System32\wbem\WmiPrvSE.exe 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=291249 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x39c Source Process ID: 0x1e8c New Handle Information: Target Handle ID: 0x700 Target Process ID: 0x4 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Registry OpCode=Info RecordNumber=291248 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x398 Process Information: Process ID: 0x1e8c Process Name: C:\Windows\System32\wbem\WmiPrvSE.exe 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Registry OpCode=Info RecordNumber=291247 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates Handle ID: 0x398 Resource Attributes: - Process Information: Process ID: 0x1e8c Process Name: C:\Windows\System32\wbem\WmiPrvSE.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL Query key value Set key value Create sub-key Enumerate sub-keys Notify about changes to keys Access Reasons: - Access Mask: 0x3001F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Registry OpCode=Info RecordNumber=291246 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x700 Process Information: Process ID: 0x1e8c Process Name: C:\Windows\System32\wbem\WmiPrvSE.exe 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=291245 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x398 Source Process ID: 0x1e8c New Handle Information: Target Handle ID: 0x700 Target Process ID: 0x4 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54459 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54459 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:54:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=291735 Keywords=Audit Failure Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Windows\System32\eventvwr.msc Handle ID: 0x0 Resource Attributes: - Process Information: Process ID: 0x1e68 Process Name: C:\Windows\System32\mmc.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: READ_CONTROL: Granted by D:(A;;0x1200a9;;;BA) SYNCHRONIZE: Granted by D:(A;;0x1200a9;;;BA) WriteData (or AddFile): Not granted AppendData (or AddSubdirectory or CreatePipeInstance): Not granted WriteEA: Not granted ReadAttributes: Granted by ACE on parent folder D:(A;;0x1301bf;;;BA) WriteAttributes: Not granted Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Registry OpCode=Info RecordNumber=291734 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x360 Process Information: Process ID: 0x1e68 Process Name: C:\Windows\System32\mmc.exe 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Registry OpCode=Info RecordNumber=291733 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates Handle ID: 0x360 Resource Attributes: - Process Information: Process ID: 0x1e68 Process Name: C:\Windows\System32\mmc.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL Query key value Set key value Create sub-key Enumerate sub-keys Notify about changes to keys Access Reasons: - Access Mask: 0x3001F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Registry OpCode=Info RecordNumber=291732 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x7d8 Process Information: Process ID: 0x1e68 Process Name: C:\Windows\System32\mmc.exe 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=291731 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x360 Source Process ID: 0x1e68 New Handle Information: Target Handle ID: 0x7d8 Target Process ID: 0x4 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Registry OpCode=Info RecordNumber=291730 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x35c Process Information: Process ID: 0x1e68 Process Name: C:\Windows\System32\mmc.exe 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Registry OpCode=Info RecordNumber=291729 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates Handle ID: 0x35c Resource Attributes: - Process Information: Process ID: 0x1e68 Process Name: C:\Windows\System32\mmc.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL Query key value Set key value Create sub-key Enumerate sub-keys Notify about changes to keys Access Reasons: - Access Mask: 0x3001F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Registry OpCode=Info RecordNumber=291728 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x7d8 Process Information: Process ID: 0x1e68 Process Name: C:\Windows\System32\mmc.exe 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=291727 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x35c Source Process ID: 0x1e68 New Handle Information: Target Handle ID: 0x7d8 Target Process ID: 0x4 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Registry OpCode=Info RecordNumber=291726 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x358 Process Information: Process ID: 0x1e68 Process Name: C:\Windows\System32\mmc.exe 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Registry OpCode=Info RecordNumber=291725 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates Handle ID: 0x358 Resource Attributes: - Process Information: Process ID: 0x1e68 Process Name: C:\Windows\System32\mmc.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL Query key value Set key value Create sub-key Enumerate sub-keys Notify about changes to keys Access Reasons: - Access Mask: 0x3001F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Registry OpCode=Info RecordNumber=291724 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x7d8 Process Information: Process ID: 0x1e68 Process Name: C:\Windows\System32\mmc.exe 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=291723 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x358 Source Process ID: 0x1e68 New Handle Information: Target Handle ID: 0x7d8 Target Process ID: 0x4 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=291722 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1120 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=291721 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Handle ID: 0x1120 Resource Attributes: - Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Access Reasons: READ_CONTROL: Granted by D:(A;;0x1200a9;;;BA) SYNCHRONIZE: Granted by D:(A;;0x1200a9;;;BA) ReadData (or ListDirectory): Granted by D:(A;;0x1200a9;;;BA) ReadEA: Granted by D:(A;;0x1200a9;;;BA) ReadAttributes: Granted by D:(A;;0x1200a9;;;BA) Access Mask: 0x120089 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=291720 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xb74 Process Information: Process ID: 0x1098 Process Name: C:\Windows\explorer.exe 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=291719 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1120 Source Process ID: 0x1098 New Handle Information: Target Handle ID: 0xb74 Target Process ID: 0x4 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 7820 Application Name: \device\harddiskvolume1\windows\system32\wbem\wmiprvse.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54461 Destination Address: 93.184.220.29 Destination Port: 80 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 7820 Application Name: \device\harddiskvolume1\windows\system32\wbem\wmiprvse.exe Network Information: Source Address: 0.0.0.0 Source Port: 54461 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54460 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54460 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=291945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54462 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54462 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=292272 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x5e4 Process Information: Process ID: 0xbac Process Name: C:\Temp\jssloader.exe 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=292271 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\places.sqlite Handle ID: 0x5e4 Resource Attributes: S:AI Process Information: Process ID: 0xbac Process Name: C:\Temp\jssloader.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=292270 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x614 Process Information: Process ID: 0xbac Process Name: C:\Temp\jssloader.exe 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=292269 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\places.sqlite Handle ID: 0x614 Resource Attributes: S:AI Process Information: Process ID: 0xbac Process Name: C:\Temp\jssloader.exe Access Request Information: Accesses: READ_CONTROL Access Mask: 0x20000 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=292268 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x5e4 Source Process ID: 0xbac New Handle Information: Target Handle ID: 0x614 Target Process ID: 0xbac 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=292267 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\places.sqlite Handle ID: 0x5e4 Resource Attributes: S:AI Process Information: Process ID: 0xbac Process Name: C:\Temp\jssloader.exe Access Request Information: Accesses: ReadAttributes Access Mask: 0x80 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=292266 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\places.sqlite Handle ID: 0x5e4 Resource Attributes: - Process Information: Process ID: 0xbac Process Name: C:\Temp\jssloader.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x120089 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=292265 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xbac Process Information: Process ID: 0xbac Process Name: C:\Temp\jssloader.exe 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=292264 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x5e4 Source Process ID: 0xbac New Handle Information: Target Handle ID: 0xbac Target Process ID: 0x4 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=292263 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x5e4 Process Information: Process ID: 0xbac Process Name: C:\Temp\jssloader.exe 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=292262 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\places.sqlite Handle ID: 0x5e4 Resource Attributes: S:AI Process Information: Process ID: 0xbac Process Name: C:\Temp\jssloader.exe Access Request Information: Accesses: ReadAttributes Access Mask: 0x80 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=292261 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\places.sqlite Handle ID: 0x5e4 Resource Attributes: - Process Information: Process ID: 0xbac Process Name: C:\Temp\jssloader.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Access Reasons: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x120089 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=292260 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xbac Process Information: Process ID: 0xbac Process Name: C:\Temp\jssloader.exe 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=292259 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x5e4 Source Process ID: 0xbac New Handle Information: Target Handle ID: 0xbac Target Process ID: 0x4 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=292258 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x5e4 Process Information: Process ID: 0xbac Process Name: C:\Temp\jssloader.exe 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=292257 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x5e4 Resource Attributes: S:AI Process Information: Process ID: 0xbac Process Name: C:\Temp\jssloader.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=292256 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles Handle ID: 0x5e4 Resource Attributes: - Process Information: Process ID: 0xbac Process Name: C:\Temp\jssloader.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: SYNCHRONIZE ReadData (or ListDirectory) Access Reasons: SYNCHRONIZE: Granted by D:(A;OICI;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;OICI;FA;;;BA) Access Mask: 0x100001 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=292255 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xbac Process Information: Process ID: 0xbac Process Name: C:\Temp\jssloader.exe 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=292254 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x5e4 Source Process ID: 0xbac New Handle Information: Target Handle ID: 0xbac Target Process ID: 0x4 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 51263 Destination Address: 10.0.0.2 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 58859 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 58859 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 58859 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:54:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 58859 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54463 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54463 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5152 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Packet Drop OpCode=Info RecordNumber=292778 Keywords=Audit Failure Message=The Windows Filtering Platform has blocked a packet. Application Information: Process ID: 0 Application Name: - Network Information: Direction: Inbound Source Address: 10.0.1.12 Source Port: 8089 Destination Address: 10.0.1.14 Destination Port: 54454 Protocol: 6 Filter Information: Filter Run-Time ID: 69431 Layer Name: Transport Layer Run-Time ID: 13 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54464 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54464 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=292966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293095 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xd54 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293094 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xd54 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293093 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xef4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=293092 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0xd54 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xef4 Target Process ID: 0x4 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293091 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xef4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293090 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xef4 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293089 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1994 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293088 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x1994 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293087 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xef4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=293086 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1994 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xef4 Target Process ID: 0x4 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293085 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xef4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293084 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xef4 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293083 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1994 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293082 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x1994 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293081 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xef4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=293080 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1994 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xef4 Target Process ID: 0x4 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293079 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xef4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293078 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xef4 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293077 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2030 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293076 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x2030 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293075 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xef4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=293074 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2030 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xef4 Target Process ID: 0x4 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293073 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xef4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293072 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xef4 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293071 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1ab4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293070 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x1ab4 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293069 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xef4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=293068 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1ab4 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xef4 Target Process ID: 0x4 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293067 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xef4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293066 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xef4 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293065 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1ab4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293064 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x1ab4 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293063 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xef4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=293062 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1ab4 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xef4 Target Process ID: 0x4 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293061 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xef4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=293060 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xef4 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:54:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54465 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54465 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:55:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:55:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:55:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:55:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54466 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54466 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54467 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54467 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275798 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xe70 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:55:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275797 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xff0 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:55:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54468 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54468 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275800 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xb4c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275799 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xcc4 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275802 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xea0 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:55:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275801 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xb0c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275803 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x428 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54469 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54469 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54470 Destination Address: 10.0.1.12 Destination Port: 8089 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54470 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4772 Application Name: \device\harddiskvolume1\program files\google\chrome\application\chrome.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 58860 Destination Address: 239.255.255.250 Destination Port: 1900 Protocol: 17 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 4772 Application Name: \device\harddiskvolume1\program files\google\chrome\application\chrome.exe Network Information: Source Address: 10.0.1.14 Source Port: 58860 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 54471 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2868 Application Name: \device\harddiskvolume1\windows\adws\microsoft.activedirectory.webservices.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 54471 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2868 Application Name: \device\harddiskvolume1\windows\adws\microsoft.activedirectory.webservices.exe Network Information: Source Address: :: Source Port: 54471 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=294013 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: DS Access Subcategory: Detailed Directory Service Replication Subcategory GUID: {0CCE923E-69AE-11D9-BED3-505054503030} Changes: Success removed, Failure removed 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=294012 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: DS Access Subcategory: Directory Service Replication Subcategory GUID: {0CCE923D-69AE-11D9-BED3-505054503030} Changes: Success removed, Failure removed 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=294011 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: DS Access Subcategory: Directory Service Changes Subcategory GUID: {0CCE923C-69AE-11D9-BED3-505054503030} Changes: Success removed, Failure removed 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=294010 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: DS Access Subcategory: Directory Service Access Subcategory GUID: {0CCE923B-69AE-11D9-BED3-505054503030} Changes: Success removed, Failure removed 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=294009 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Object Access Subcategory: Removable Storage Subcategory GUID: {0CCE9245-69AE-11D9-BED3-505054503030} Changes: Success removed, Failure removed 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4719 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Audit Policy Change OpCode=Info RecordNumber=294008 Keywords=Audit Success Message=System audit policy was changed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Audit Policy Change: Category: Object Access Subcategory: SAM Subcategory GUID: {0CCE9220-69AE-11D9-BED3-505054503030} Changes: Success removed, Failure removed 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=294007 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x766E86 Network Information: Object Type: File Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54474 Share Information: Share Name: \\*\SYSVOL Share Path: \??\C:\Windows\SYSVOL\sysvol Relative Target Name: attackrange.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\gpt.ini Access Request Information: Access Mask: 0x120089 Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Access Check Results: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;0x1200a9;;;WD) ReadData (or ListDirectory): Granted by D:(A;;0x1200a9;;;WD) ReadEA: Granted by D:(A;;0x1200a9;;;WD) ReadAttributes: Granted by D:(A;;0x1200a9;;;WD) 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=294006 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x766E86 Network Information: Object Type: File Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54474 Share Information: Share Name: \\*\SYSVOL Share Path: \??\C:\Windows\SYSVOL\sysvol Relative Target Name: attackrange.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini Access Request Information: Access Mask: 0x120089 Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Access Check Results: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;0x1200a9;;;WD) ReadData (or ListDirectory): Granted by D:(A;;0x1200a9;;;WD) ReadEA: Granted by D:(A;;0x1200a9;;;WD) ReadAttributes: Granted by D:(A;;0x1200a9;;;WD) 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5140 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File Share OpCode=Info RecordNumber=294005 Keywords=Audit Success Message=A network share object was accessed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x766E86 Network Information: Object Type: File Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54474 Share Information: Share Name: \\*\SYSVOL Share Path: \??\C:\Windows\SYSVOL\sysvol Access Request Information: Access Mask: 0x1 Accesses: ReadData (or ListDirectory) 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54474 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 445 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54474 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 445 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 4 Application Name: System Network Information: Source Address: :: Source Port: 54474 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: 10.0.1.14 Source Port: 54473 Destination Address: 10.0.1.14 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65787 Layer Name: Receive/Accept Layer Run-Time ID: 44 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1264 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54473 Destination Address: 10.0.1.14 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65789 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1264 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: 0.0.0.0 Source Port: 54473 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54472 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1264 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 54472 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1264 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 54472 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=293950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54475 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54475 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Inbound Source Address: 10.0.1.14 Source Port: 138 Destination Address: 10.0.1.255 Destination Port: 138 Protocol: 17 Filter Information: Filter Run-Time ID: 65787 Layer Name: Receive/Accept Layer Run-Time ID: 44 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 138 Destination Address: 10.0.1.255 Destination Port: 138 Protocol: 17 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54476 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54476 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54477 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54477 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54478 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54478 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54479 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54479 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5152 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Packet Drop OpCode=Info RecordNumber=294929 Keywords=Audit Failure Message=The Windows Filtering Platform has blocked a packet. Application Information: Process ID: 0 Application Name: - Network Information: Direction: Inbound Source Address: 10.0.1.12 Source Port: 8089 Destination Address: 10.0.1.14 Destination Port: 54470 Protocol: 6 Filter Information: Filter Run-Time ID: 69431 Layer Name: Transport Layer Run-Time ID: 13 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=294955 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1850 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=294954 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\aborted-session-ping.tmp Handle ID: 0x1850 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=294953 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xef4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:55:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=294952 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1850 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xef4 Target Process ID: 0x4 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 57469 Destination Address: 224.0.0.252 Destination Port: 5355 Protocol: 17 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 57469 Destination Address: ff02::1:3 Destination Port: 5355 Protocol: 17 Filter Information: Filter Run-Time ID: 69393 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 57469 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 57469 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: 0.0.0.0 Source Port: 5355 Protocol: 17 Filter Information: Filter Run-Time ID: 69068 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 5355 Protocol: 17 Filter Information: Filter Run-Time ID: 69073 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 0 Destination Address: 224.0.0.22 Destination Port: 0 Protocol: 2 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 143 Destination Address: ff02::16 Destination Port: 0 Protocol: 58 Filter Information: Filter Run-Time ID: 69393 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 416 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 68 Destination Address: 10.0.1.1 Destination Port: 67 Protocol: 17 Filter Information: Filter Run-Time ID: 69646 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 416 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: 10.0.1.14 Source Port: 68 Protocol: 17 Filter Information: Filter Run-Time ID: 69026 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54480 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=294985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 54480 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 388 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Inbound Source Address: 93.104.86.31 Source Port: 54138 Destination Address: 10.0.1.14 Destination Port: 3389 Protocol: 6 Filter Information: Filter Run-Time ID: 66848 Layer Name: Receive/Accept Layer Run-Time ID: 44 09/14/2021 02:55:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 388 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Inbound Source Address: 93.104.86.31 Source Port: 54138 Destination Address: 10.0.1.14 Destination Port: 3389 Protocol: 6 Filter Information: Filter Run-Time ID: 66849 Layer Name: Receive/Accept Layer Run-Time ID: 44 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 63717 Destination Address: 224.0.0.252 Destination Port: 5355 Protocol: 17 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 63717 Destination Address: ff02::1:3 Destination Port: 5355 Protocol: 17 Filter Information: Filter Run-Time ID: 69393 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 63717 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 63717 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: 0.0.0.0 Source Port: 5355 Protocol: 17 Filter Information: Filter Run-Time ID: 69068 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 5355 Protocol: 17 Filter Information: Filter Run-Time ID: 69073 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:55:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Other Object Access Events OpCode=Info RecordNumber=295024 Keywords=Audit Failure Message=A handle to an object was requested. Subject: Security ID: NT AUTHORITY\LOCAL SERVICE Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3E5 Object: Object Server: SC Manager Object Type: SERVICE OBJECT Object Name: DNS Handle ID: 0x0 Resource Attributes: - Process Information: Process ID: 0x274 Process Name: C:\Windows\System32\services.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: Pause or continue the service Issue service-specific control commands Access Reasons: - Access Mask: 0x140 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54868 Destination Address: 10.0.1.14 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65789 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Source Address: 0.0.0.0 Source Port: 54868 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Source Address: 0.0.0.0 Source Port: 65018 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Source Address: :: Source Port: 54868 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: 10.0.1.14 Source Port: 61222 Destination Address: 10.0.1.14 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65787 Layer Name: Receive/Accept Layer Run-Time ID: 44 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 61222 Destination Address: 10.0.1.14 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65789 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Source Address: :: Source Port: 61222 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Source Address: :: Source Port: 61222 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Source Address: 0.0.0.0 Source Port: 59592 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Source Address: :: Source Port: 54868 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 49571 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 49571 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Source Address: :: Source Port: 49571 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Source Address: :: Source Port: 49571 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Source Address: 0.0.0.0 Source Port: 54868 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Source Address: :: Source Port: 60491 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: 0.0.0.0 Source Port: 60453 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 58516 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 54870 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 54870 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Source Address: :: Source Port: 54870 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Source Address: :: Source Port: 54870 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 54868 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 54868 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 54868 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 54868 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 51764 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 51764 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Source Address: :: Source Port: 51764 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54868 Destination Address: 10.0.1.14 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65789 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: 0.0.0.0 Source Port: 54868 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: 10.0.1.14 Source Port: 51763 Destination Address: 10.0.1.14 Destination Port: 53 Protocol: 6 Filter Information: Filter Run-Time ID: 65787 Layer Name: Receive/Accept Layer Run-Time ID: 44 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 51763 Destination Address: 10.0.1.14 Destination Port: 53 Protocol: 6 Filter Information: Filter Run-Time ID: 65789 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: 0.0.0.0 Source Port: 51763 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 49710 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: 10.0.1.14 Source Port: 54868 Destination Address: 10.0.1.14 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65787 Layer Name: Receive/Accept Layer Run-Time ID: 44 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 54868 Destination Address: 10.0.1.14 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65789 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: 0.0.0.0 Source Port: 54868 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: 0.0.0.0 Source Port: 49204 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 61467 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 55771 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 55771 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 55771 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 55771 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:55:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Other Object Access Events OpCode=Info RecordNumber=295090 Keywords=Audit Failure Message=A handle to an object was requested. Subject: Security ID: NT AUTHORITY\LOCAL SERVICE Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY Logon ID: 0x3E5 Object: Object Server: SC Manager Object Type: SERVICE OBJECT Object Name: DNS Handle ID: 0x0 Resource Attributes: - Process Information: Process ID: 0x274 Process Name: C:\Windows\System32\services.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: Pause or continue the service Issue service-specific control commands Access Reasons: - Access Mask: 0x140 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:55:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 51765 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 51765 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:56:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 51766 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 51766 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=295743 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm Handle ID: 0x1010 Resource Attributes: S:AI Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=295742 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm Handle ID: 0x1010 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x12019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=295741 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf04 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=295740 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1010 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xf04 Target Process ID: 0x4 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=295739 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-wal Handle ID: 0xd48 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x12019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=295738 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf04 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=295737 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0xd48 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xf04 Target Process ID: 0x4 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=295736 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite Handle ID: 0x200c Resource Attributes: S:AI Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=295735 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite Handle ID: 0x200c Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x12019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=295734 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf04 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=295733 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x200c Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xf04 Target Process ID: 0x4 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=295732 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm Handle ID: 0x1990 Resource Attributes: S:AI Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=295731 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm Handle ID: 0x1990 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x12019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=295730 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf04 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=295729 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1990 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xf04 Target Process ID: 0x4 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=295728 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal Handle ID: 0xcb0 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x12019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=295727 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf04 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=295726 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0xcb0 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xf04 Target Process ID: 0x4 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4663 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=295725 Keywords=Audit Success Message=An attempt was made to access an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite Handle ID: 0xcac Resource Attributes: S:AI Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Accesses: ReadData (or ListDirectory) Access Mask: 0x1 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=295724 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite Handle ID: 0xcac Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x12019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=295723 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf04 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=295722 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0xcac Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xf04 Target Process ID: 0x4 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 6204 Application Name: \device\harddiskvolume1\program files\mozilla firefox\firefox.exe Network Information: Direction: Inbound Source Address: 127.0.0.1 Source Port: 52653 Destination Address: 127.0.0.1 Destination Port: 52652 Protocol: 6 Filter Information: Filter Run-Time ID: 65787 Layer Name: Receive/Accept Layer Run-Time ID: 44 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 51767 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 51767 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=295976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 123 Destination Address: 10.0.1.14 Destination Port: 123 Protocol: 17 Filter Information: Filter Run-Time ID: 66848 Layer Name: Receive/Accept Layer Run-Time ID: 44 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 51768 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 51768 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275805 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xbc4 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275804 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xcec New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275807 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xfd4 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:56:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275806 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x87c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275809 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xd34 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:56:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275808 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xc68 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=296293 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x200c Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=296292 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xd48 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=296291 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xcac Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=296290 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1010 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=296289 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xcb0 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=296288 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1990 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275810 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xda8 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:56:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 51769 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 51769 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 51770 Destination Address: 10.0.1.12 Destination Port: 8089 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Source Address: 0.0.0.0 Source Port: 51770 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 51771 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2868 Application Name: \device\harddiskvolume1\windows\adws\microsoft.activedirectory.webservices.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 51771 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2868 Application Name: \device\harddiskvolume1\windows\adws\microsoft.activedirectory.webservices.exe Network Information: Source Address: :: Source Port: 51771 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 51772 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 51772 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=296890 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xcb0 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=296889 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\prefs-1.js Handle ID: 0xcb0 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=296888 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf90 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=296887 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0xcb0 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xf90 Target Process ID: 0x4 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=296886 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf90 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=296885 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\prefs-1.js Handle ID: 0xf90 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=296884 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2078 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=296883 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\prefs-1.js Handle ID: 0x2078 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Access Reasons: - Access Mask: 0x120089 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=296882 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf90 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=296881 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2078 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xf90 Target Process ID: 0x4 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=296880 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2078 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=296879 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\prefs.js Handle ID: 0x2078 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=296878 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf90 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=296877 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2078 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xf90 Target Process ID: 0x4 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=296876 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x2078 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=296875 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\prefs.js Handle ID: 0x2078 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=296874 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xf90 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=296873 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x2078 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xf90 Target Process ID: 0x4 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 51773 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 51773 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 51776 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2980 Application Name: \device\harddiskvolume1\windows\system32\dfsrs.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 51776 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2980 Application Name: \device\harddiskvolume1\windows\system32\dfsrs.exe Network Information: Source Address: :: Source Port: 51776 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 51775 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2980 Application Name: \device\harddiskvolume1\windows\system32\dfsrs.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 51775 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2980 Application Name: \device\harddiskvolume1\windows\system32\dfsrs.exe Network Information: Source Address: :: Source Port: 51775 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 59600 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 49666 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 908 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 51774 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 135 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2980 Application Name: \device\harddiskvolume1\windows\system32\dfsrs.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 51774 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 135 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2980 Application Name: \device\harddiskvolume1\windows\system32\dfsrs.exe Network Information: Source Address: :: Source Port: 51774 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 59601 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=296935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 59598 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 51777 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 51777 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 51779 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 51779 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 50920 Destination Address: 10.0.0.2 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 62769 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 62769 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 62769 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 62769 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 6204 Application Name: \device\harddiskvolume1\program files\mozilla firefox\firefox.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 51778 Destination Address: 142.250.185.234 Destination Port: 443 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 6204 Application Name: \device\harddiskvolume1\program files\mozilla firefox\firefox.exe Network Information: Source Address: 0.0.0.0 Source Port: 51778 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 51145 Destination Address: 10.0.0.2 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 62374 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 62374 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 62374 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:56:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 62374 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5140 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File Share OpCode=Info RecordNumber=297367 Keywords=Audit Success Message=A network share object was accessed. Subject: Security ID: NT AUTHORITY\NETWORK SERVICE Account Name: WIN-DC-396$ Account Domain: ATTACKRANGE Logon ID: 0x3E4 Network Information: Object Type: File Source Address: fe80::a147:35ed:2004:ba49 Source Port: 51780 Share Information: Share Name: \\*\IPC$ Share Path: Access Request Information: Access Mask: 0x1 Accesses: ReadData (or ListDirectory) 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 51780 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 445 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 51780 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 445 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:56:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 4 Application Name: System Network Information: Source Address: :: Source Port: 51780 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297463 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1994 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297462 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\prefs-1.js Handle ID: 0x1994 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297461 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xadc Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=297460 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1994 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xadc Target Process ID: 0x4 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297459 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xadc Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297458 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\prefs-1.js Handle ID: 0xadc Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297457 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1994 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297456 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\prefs-1.js Handle ID: 0x1994 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Access Reasons: - Access Mask: 0x120089 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297455 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xadc Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=297454 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1994 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xadc Target Process ID: 0x4 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297453 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1994 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297452 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\prefs.js Handle ID: 0x1994 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297451 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xadc Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=297450 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1994 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xadc Target Process ID: 0x4 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297449 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1994 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297448 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\prefs.js Handle ID: 0x1994 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297447 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xadc Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=297446 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1994 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xadc Target Process ID: 0x4 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297720 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x12c8 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297719 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x12c8 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297718 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xdc4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=297717 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x12c8 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xdc4 Target Process ID: 0x4 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297716 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xdc4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Kernel Object OpCode=Info RecordNumber=297715 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: \Device\HarddiskVolume1\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xdc4 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297714 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1838 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297713 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x1838 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297712 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xdc4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=297711 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1838 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xdc4 Target Process ID: 0x4 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297710 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xdc4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Kernel Object OpCode=Info RecordNumber=297709 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: \Device\HarddiskVolume1\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xdc4 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297708 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1994 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297707 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x1994 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297706 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xdc4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=297705 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1994 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xdc4 Target Process ID: 0x4 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297704 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xdc4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Kernel Object OpCode=Info RecordNumber=297703 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: \Device\HarddiskVolume1\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xdc4 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297702 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x12a8 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297701 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x12a8 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297700 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xdc4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=297699 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x12a8 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xdc4 Target Process ID: 0x4 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297698 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xdc4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Kernel Object OpCode=Info RecordNumber=297697 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: \Device\HarddiskVolume1\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xdc4 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297696 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x1994 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297695 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x1994 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297694 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xdc4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=297693 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x1994 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xdc4 Target Process ID: 0x4 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297692 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xdc4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Kernel Object OpCode=Info RecordNumber=297691 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: \Device\HarddiskVolume1\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xdc4 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297690 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x12a8 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297689 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0x12a8 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297688 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xdc4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=297687 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x12a8 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xdc4 Target Process ID: 0x4 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=297686 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xdc4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Kernel Object OpCode=Info RecordNumber=297685 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: \Device\HarddiskVolume1\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\glean\db\data.safe.bin Handle ID: 0xdc4 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Access Reasons: DELETE: Granted by D:(A;;FA;;;BA) READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;FA;;;BA) ReadData (or ListDirectory): Granted by D:(A;;FA;;;BA) WriteData (or AddFile): Granted by D:(A;;FA;;;BA) AppendData (or AddSubdirectory or CreatePipeInstance): Granted by D:(A;;FA;;;BA) ReadEA: Granted by D:(A;;FA;;;BA) WriteEA: Granted by D:(A;;FA;;;BA) ReadAttributes: Granted by D:(A;;FA;;;BA) WriteAttributes: Granted by D:(A;;FA;;;BA) Access Mask: 0x13019F Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 51781 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=297947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 51781 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5152 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Packet Drop OpCode=Info RecordNumber=298072 Keywords=Audit Failure Message=The Windows Filtering Platform has blocked a packet. Application Information: Process ID: 0 Application Name: - Network Information: Direction: Inbound Source Address: 10.0.1.12 Source Port: 8089 Destination Address: 10.0.1.14 Destination Port: 51770 Protocol: 6 Filter Information: Filter Run-Time ID: 69431 Layer Name: Transport Layer Run-Time ID: 13 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 51782 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 51782 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:56:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 50252 Destination Address: 10.0.0.2 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 55859 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 55859 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 55859 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 55859 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 51783 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 51783 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49996 Destination Address: 10.0.0.2 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 63725 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 63725 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 63725 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 63725 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=298401 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0x10e4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4656 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=298400 Keywords=Audit Success Message=A handle to an object was requested. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Object Type: File Object Name: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ll73xech.default-release\datareporting\archived\2021-09\1631631421995.c291c1a4-d1f9-473c-a8a5-0e2123ebc46c.event.jsonlz4.tmp Handle ID: 0x10e4 Resource Attributes: - Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe Access Request Information: Transaction ID: {00000000-0000-0000-0000-000000000000} Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Access Reasons: - Access Mask: 0x120196 Privileges Used for Access Check: - Restricted SID Count: 0 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4658 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=File System OpCode=Info RecordNumber=298399 Keywords=Audit Success Message=The handle to an object was closed. Subject : Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Object: Object Server: Security Handle ID: 0xdc4 Process Information: Process ID: 0x183c Process Name: C:\Program Files\Mozilla Firefox\firefox.exe 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 56155 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4690 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Handle Manipulation OpCode=Info RecordNumber=298397 Keywords=Audit Success Message=An attempt was made to duplicate a handle to an object. Subject: Security ID: ATTACKRANGE\Administrator Account Name: administrator Account Domain: ATTACKRANGE Logon ID: 0x386AA2 Source Handle Information: Source Handle ID: 0x10e4 Source Process ID: 0x183c New Handle Information: Target Handle ID: 0xdc4 Target Process ID: 0x4 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 56155 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 56155 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 56155 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 6204 Application Name: \device\harddiskvolume1\program files\mozilla firefox\firefox.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 51784 Destination Address: 44.235.28.153 Destination Port: 443 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 6204 Application Name: \device\harddiskvolume1\program files\mozilla firefox\firefox.exe Network Information: Source Address: 0.0.0.0 Source Port: 51784 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:57:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 636 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::a147:35ed:2004:ba49 Source Port: 49712 Destination Address: fe80::a147:35ed:2004:ba49 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 52282 Destination Address: 10.0.0.2 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2940 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 56414 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 56414 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 56414 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 09/14/2021 02:57:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1108 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 56414 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 51785 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 51785 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 51786 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 51786 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275812 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xddc New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:57:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275811 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x99c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275814 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xf60 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2480 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49679 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 51787 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 69391 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3192 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 51787 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275813 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x6d4 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=298992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275816 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x49c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:57:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275815 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3bc New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:57:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-606.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=275817 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-606$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x5b8 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x3b8 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48 09/14/2021 02:57:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-396.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=299018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2884 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49700 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 69395 Layer Name: Connect Layer Run-Time ID: 48